mrosenquist
7 years ago

Amazon Cloud Hacked to Mine Bitcoin

Recent hacks of Amazon Web Services customers showcase the need to secure hosted cloud instances. Businesses that leverage these 3rd party cloud services must protect their investment.   

A security firm recently detected that the Amazon Web Services (AWS) environments of two major technology companies, Aviva and Gemalto, were compromised by attackers who used the rented computing resources to mine bitcoin for their own benefit. The hackers went through insecure administration consoles to gain control of the cloud instances and set up the necessary commands within the software containers.

Bitcoin mining, as with many Proof-of-Work (POW) cryptocurrencies, requires extensive computing power to solve mathematical problems in order to ‘mine’ new coins. Super-sized data centers, such as AWS, are great targets for these malicious hacking miners because they contain sizable numbers of CPU, video, and storage assets. The more power you have, the better your chances of winning the race. Every block that is ‘won’, at the current rate, earns a reward of 12.5 bitcoins. With the value of bitcoin hovering around $5000, that equates to over $60k for every block won. However, this race is highly competitive, with tremendous computing power being applied by professional miners around the globe. This is why more resources, like those of major cloud hosting environments, are sought by hackers.

Protecting Your Cloud 

Hosted cloud services from Amazon, Microsoft, Google and others are a hot commodity with businesses large and small, who want the benefits but not the burden of significant capital investment and management headaches of the necessary complex infrastructure. It is more cost effective and timely to rent what they need based upon their specific fluctuating demands. Such demand has fueled an explosive growth of these cloud data centers.    

One of the potential downsides is security. It is tougher to protect computers and services when they reside in distant data centers and may be on hardware servicing multiple simultaneous tenants.    

Many customers believe either their data is not sensitive enough to be heavily protected or that the cloud provider will provide adequate defenses. In most cases both assumptions are wrong.   

As this recent attack and the many that preceded it prove, data and services hosted on third party cloud environments must be protected. The level of desired security may vary, but leaving assets exposed or weak is simply an invitation to attackers. Cybersecurity rationale demands that even offsite services should be handled with the same level of scrutiny as assets residing in internal data centers.

Companies are now realizing that security and privacy are crucial to their business. Prevention and Detection are necessary at the very least. Top-tier organizations push toward the stronger end of the spectrum, striving for a complete strategic defense capability process. This is where prediction, prevention, detection, and response capabilities act in a continuous improvement loop to fuel the optimal balance of security in an adaptable and sustainable manner.

Pillars for Cloud Security 

For those organizations who are using hosted cloud services, there are three fundamental areas you should be focused on: 

  1. Patch cloud environments and keep them current. This includes the operating systems, Commercial Off the Shelf Software (COTS), and virtualization tools.
  2. Incorporate security into the management and app development cycles. Where custom software is being developed or employed, it is important that the code is sound, access controls properly managed, and usage policies are in place for privacy, confidentiality, integrity, and availability.    

    All developed code should go through a rigorous process to verify the strength of security, which also includes libraries and open source software. Access controls must also be instituted to govern who can view, edit, audit, validate, and deploy updates. These should include both technical and behavioral aspects. Consider multi-factor authentication for especially sensitive access. To ensure that security levels remain intact, policies, clear accountability, and regular auditing must be instituted. This includes processes for ownership succession, Last-Day-Office (LDO) access revocation, and Disaster Recovery planning.
  3. Lastly, leverage existing cloud-based security tools to protect from attack and detect when systems are compromised, as response times are important to minimize damages. Have anomaly detection, anti-malware solutions, strong firewalls, and Denial-of-Service (DOS) protections where it makes sense.  
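
As an illustration of the anomaly detection mentioned in the third pillar, the following added example (not part of the original post) flags instances whose CPU use stays far above their own baseline, the pattern hijacked mining workloads tend to produce. The function names, thresholds, and fleet data are constructed assumptions.

```python
from statistics import median

def mad_baseline(history):
    """Median and median absolute deviation (MAD) of normal CPU % samples."""
    m = median(history)
    mad = median(abs(x - m) for x in history)
    return m, max(mad, 1.0)  # floor so a perfectly flat baseline is not over-sensitive

def sustained_anomaly(history, recent, k=6.0, min_run=6):
    """Index in `recent` where the first run of at least `min_run` consecutive
    samples above median + k*MAD begins, or None if there is no such run."""
    m, mad = mad_baseline(history)
    threshold = m + k * mad
    run_start, run_len = None, 0
    for i, value in enumerate(recent):
        if value > threshold:
            if run_len == 0:
                run_start = i
            run_len += 1
            if run_len >= min_run:
                return run_start
        else:
            run_len = 0  # a short spike resets the counter
    return None

def audit(fleet, **kwargs):
    """Map instance name -> start index of sustained anomaly, flagged hosts only."""
    flagged = {}
    for name, (history, recent) in fleet.items():
        start = sustained_anomaly(history, recent, **kwargs)
        if start is not None:
            flagged[name] = start
    return flagged

# Constructed sample data: (baseline CPU %, most recent CPU %) per instance.
FLEET = {
    # Brief legitimate spike, then back to normal: not flagged.
    "web-1": ([22, 25, 21, 27, 24, 23, 26, 22, 25, 24],
              [25, 91, 88, 93, 26, 24, 23, 25, 22, 24]),
    # Quiet host suddenly pinned near 100%: flagged.
    "batch-7": ([18, 20, 19, 22, 21, 20, 19, 23, 21, 20],
                [21, 19, 97, 98, 99, 98, 97, 99, 98, 98]),
    # Host whose normal load is already bursty: stays under its own threshold.
    "build-2": ([35, 90, 40, 95, 30, 85, 45, 92, 38, 88],
                [90, 93, 95, 91, 94, 92, 96, 90, 93, 95]),
}

if __name__ == "__main__":
    print(audit(FLEET))
```

Because the threshold is relative to each host's own history, a host that is normally bursty (build-2 here) is never flagged by this check alone and needs a second signal.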

Think Ahead  

Possessing a proper security and risk mindset, supported by solid planning, is invaluable to success.  The security objectives must be clear to everyone and commitment in place from top to bottom of the organization.    

Make compromising your systems difficult, concealment of attackers short-lived, eviction of intruders easy, and recovery second-nature to implement by operations. This is true for on-premises assets as well as remotely hosted cloud services.   

As I have stated before:  

Two types of victims exist: Those with something of value and those who are easy targets.   

Therefore, don’t be an easy target and protect your valuables.     

 Not the Worst Attacker 

If the worst that happened in this incident is the consumption of resources by fraudsters, then these victims should consider themselves fortunate. Attackers can do far worse. Stealing data and intellectual property can be very costly. Additionally, compromising a hosting cloud environment can be a stepping stone to accessing corporate networks and systems, where more significant damage, theft, fraud, and impact can occur.    

These victims were lucky. It could have been far worse. Just ask the likes of Equifax, Yahoo, Anthem, Sony, JP Morgan Chase, Target, and the U.S. Office of Personnel Management.    

This recent cloud breach incident is a great learning opportunity. There are many types of compromises, fraudulent schemes, and attacks. Companies who invest in 3rd party hosted services must also take necessary steps to secure their investment. Cybersecurity does not happen by itself. It takes work, forethought, expertise, and commitment by the entire organization. 


Interested in more? Follow me on LinkedIn, Twitter (@Matt_Rosenquist), Information Security Strategy, Golos, and Steemit to hear insights and what is going on in cybersecurity.
