A report from cloud security research firm RedLock has shown that at least two large companies’ AWS cloud services have been abused by hackers to mine Bitcoin. RedLock has confirmed that multinational organisations Aviva and Gemalto were affected in the breach.
The findings are particularly stark in light of the news that governments with even limited resources, such as North Korea, are employing hackers to steal Bitcoin.
RedLock’s Cloud Security Intelligence (CSI) Team began its investigation after it discovered that a number of Kubernetes applications (software to help companies scale their services) in AWS, Microsoft Azure and Google Cloud were not password protected. RedLock even brands some of Aviva’s and Gemalto’s web applications as ‘open to the public’, creating ‘a window of opportunity’ for any would-be intruders.
In one instance, RedLock discovered that an affected Kubernetes container had essentially been turned into a parasitic bot that executed mining commands. Upon further investigation, the CSI team discovered access keys and ‘secret tokens’ stored in plaintext (ordinary readable text) within some Kubernetes instances. According to the team, some form of cloud monitoring process could have highlighted this significant gap in the companies’ defences.
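As an added illustration (not taken from RedLock's report or tooling), the Python below shows the kind of check that would flag credentials stored in plaintext in a Kubernetes workload definition, by scanning container environment variables for literal values. The manifest, container names and values are constructed for the example; the key ID is the placeholder that AWS publishes in its own documentation.

```python
import re

# AWS access key IDs are 20 characters: a 4-letter prefix (AKIA for long-term,
# ASIA for temporary keys) followed by 16 uppercase alphanumerics.
AWS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
SENSITIVE_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|ACCESS_KEY", re.IGNORECASE)


def pod_spec(manifest):
    """Return the pod spec of a Pod, or of a workload with a pod template."""
    spec = manifest.get("spec", {})
    return spec.get("template", {}).get("spec", spec)


def find_plaintext_credentials(manifest):
    """List (container, env var, reason) for credentials set as literal values."""
    findings = []
    spec = pod_spec(manifest)
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        for env in c.get("env", []):
            value = env.get("value")
            if value is None:  # valueFrom (e.g. secretKeyRef) carries no literal
                continue
            if AWS_KEY_ID.search(value):
                findings.append((c["name"], env["name"], "AWS access key ID"))
            elif SENSITIVE_NAME.search(env["name"]) and value:
                findings.append((c["name"], env["name"], "literal secret value"))
    return findings


# Constructed sample: a Deployment with keys inline in one container and a
# Secret reference in another. The key ID is the example value from AWS docs.
SAMPLE = {
    "kind": "Deployment",
    "metadata": {"name": "billing"},
    "spec": {"template": {"spec": {"containers": [
        {"name": "api", "env": [
            {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAIOSFODNN7EXAMPLE"},
            {"name": "AWS_SECRET_ACCESS_KEY", "value": "constructed-not-a-real-secret"},
            {"name": "LOG_LEVEL", "value": "info"},
        ]},
        {"name": "worker", "env": [
            {"name": "API_TOKEN", "valueFrom": {"secretKeyRef": {"name": "worker-creds", "key": "token"}}},
        ]},
    ]}}},
}

if __name__ == "__main__":
    for container, name, reason in find_plaintext_credentials(SAMPLE):
        print(f"{container}: {name} ({reason})")
```

The `worker` container is not flagged because its token is referenced from a Secret object rather than written into the manifest.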
Attacks, however, do not always come from external offenders. Only last week it was reported that two IT workers for the Council of Ministers in Crimea were fired for mining Bitcoin while at work.
Mining Bitcoin is an energy-intensive process, and it is believed that the pair used work computers to facilitate their activities. Similarly, a staffer for the Federal Reserve was fined and put on probation back in January for mining on servers owned by the US Central Bank.