In the fourth quarter of 2017, financial services and technology news was dominated by the topic of cryptocurrency, with considerable attention given to Bitcoin. Large international investors, hedge funds, and small individual investors alike watched as the value of Bitcoin skyrocketed, reaching nearly $20,000 in mid-December. The rapid increase in value was so dramatic that many individuals decided to either invest in or build their own cryptocurrency mining platforms in an attempt to cash in on the digital gold rush.
However, cybercriminals also started to pay more attention to cryptocurrencies and began looking for more sophisticated ways to profit from the increase in those currencies’ values. In fact, in 2017 there was a dramatic increase in ransomware activity, with criminals demanding payment in cryptocurrency.
Fast forward to 2018 and the tactics employed by cybercriminals have evolved to the point where they are now hijacking entire computer platforms, rather than deploying ransomware and waiting for payment. In what has become known as “cryptojacking,” attackers actively search for and target misconfigured cloud platforms such as Amazon AWS. Once access is gained, attackers install software used to generate Bitcoin that runs silently in the background in a victim’s cloud infrastructure. Not only does this style of attack result in the victim’s data being compromised, potentially including non-public information of both employees and customers, but it can also result in a considerable increase in the costs associated with maintaining a cloud environment, since victims are paying for the resources consumed by the malicious software installed by attackers.
Just this week, electric car manufacturer Tesla announced that it had fallen victim to cryptojacking within one of its AWS cloud instances. The cloud instance in question was one that Tesla said was used to gather and analyze telemetry data for prototypes that its internal engineering team was working on. Not only was Tesla’s sensitive data compromised, but the attackers also profited from the mining of cryptocurrency at Tesla’s expense. Analysis of the attack found that Tesla had failed to properly configure its AWS container solution to use a password, a simple mistake resulting in a monetary, productivity and public relations loss.
Attacks like this are becoming increasingly common and highlight the importance of understanding the cloud technology that companies are using. Attackers are constantly looking for misconfigured cloud instances that they can exploit for their own purposes, including the mining of Bitcoin and other cryptocurrencies. Financial services companies not only have to focus on selecting a cloud platform that is flexible and compatible with their business, but they must also give proper attention to the security and monitoring of their cloud environments. Configuring and securing technologies such as Amazon AWS and Microsoft Azure requires a different approach than companies tend to employ in the traditional technology and security model. It is important to invest in the right training and expertise to protect against these modern threats, as many attackers have become very sophisticated and are capable of operating without detection for extended periods of time while their victims foot the bill.