Hackers just found an easy way to mine Bitcoins: by hijacking the Amazon Web Services computing resources.
Last week, the cloud-based computing network of Amazon, Amazon Web Services (AWS), was reported to have been breached by unknown hackers. The hacking incident was confirmed by the security intelligence group RedLock, a California-based cloud threat defense company that monitors not just AWS, but Microsoft Azure and Google Cloud Platform as well.
Because Bitcoins can help prop up startups and cutting-edge tech projects via an ICO (or initial coin offering, learn more here), each time cryptocurrencies are exploited the entire tech startup world holds its breath.
A report released by the security firm outlined how some administrative consoles of AWS, Azure, and Google cloud were not password protected, potentially exposing them to any cyber attack. The report also revealed how the AWS computing resources had been exploited to mine Bitcoins. RedLock also named two companies impacted by the breach. A part of the report read:
“The RedLock CSI team recently exposed hackers that were using organizations’ AWS computing resources to mine Bitcoins. The impacted organizations included large multinational corporations such as Aviva and Gemalto.”
RedLock also pointed out that the attacks came at a time when nation-state hackers are stealing Bitcoins.
“Given the concerns around nation-state hackers stealing bitcoins to fund political campaigns, it is important to deconstruct the kill chain of this attack and proactively implement measures to defend against advanced cloud threats.“
It should be remembered that last month, South Korean authorities confirmed that North Korean hackers are targeting Bitcoin exchanges in the country to steal digital currency for the regime.#AmazonWebServices was reportedly used by hackers to mine #Bitcoin! #HackingClick To Tweet
How Hackers Infiltrated Amazon Web Services
According to RedLock, they started investigating potential breaches in Amazon Web Services, Microsoft Azure, and Google cloud security when they discovered that a number of Kubernetes administrative consoles deployed on the three cloud platforms were not password protected.
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications.
RedLock further emphasized that the security lapses on the said consoles created a window of opportunity for hackers, citing the possibility of misconfiguration exposure should configuration monitoring solution be put in place.
A more in-depthanalysis of the situation led the RedLock CSI team to the discovery of a Bitcoin mining command used by hackers from one of the Kubernetes containers, successfully turning it into a parasitic bot.
“Upon deeper analysis, the team discovered that hackers were executing a Bitcoin mining command from one of the Kubernetes containers. The instance had effectively been turned into a parasitic bot that was performing nefarious activity over the internet. This highlights the need for effective network monitoring solutions in public cloud computing environments to detect suspicious activity.” ~ RedLock
If the discovery of the said security breach was not enough, the team also found access keys and secret tokens in plaintext within the unprotected Kubernetes instances. Apparently, this could allow hackers to access critical infrastructures and cause significant damage. The team went on to say:
“It is imperative to monitor public cloud computing environments to detect suspicious user activities.”
RedLock deemed the breach as proof that today’s cloud security needs a more holistic approach. “A combination of configuration, user activity, and network activity monitoring is necessary to detect these complex threats in public cloud computing environments.”
Implanting Tools to Mine Bitcoins
The hacking of the Amazon Web Services to mine Bitcoin is not the first incident of bitcoin miners implanting tools on unsuspecting victims for their mining activities.
It appears that utilizing website visitors’ CPU power to mine cryptocurrency would be an alternative solution being considered by the two websites to replace advertisements. Another popular script being used by hackers to mine Bitcoins is the JSECoin.
According to Bank Innovation, Kaspersky Lab and Bleeping Computer both reported that 1.65 million computers were infected with cryptocurrency mining malware during the first nine months of this year. Another report from Adguard also suggested that “2.2% of the top 100,000 on the Alexa list” host malware designed to mine cryptocurrency using a user’s PC.