Barely a year or two ago, “cryptojacking” was not even a thing, let alone a recognized class of cyberattack, which gives the reader an idea of just how quickly this latest approach to cybercrime has evolved.
To the electric car maker’s credit, the company’s response, removing the malware and reining in its Amazon Web Services cloud, was seriously effective. But the fact that the fallout from the attack was effectively minimized shouldn’t take away from the unsettling fact that cryptojacking presents an increasingly dangerous security threat, both to businesses and to essential infrastructure and public services.
The Tesla infection shows how criminals are continuing to develop more advanced techniques to target big organizations, either for profit or simply to cause disruption. In this latest scenario, the hackers responsible were not only attacking the public cloud to steal sensitive data but also hijacking cloud systems to mine cryptocurrencies such as Bitcoin.
Tesla’s cloud was compromised through insecurely configured Kubernetes clusters on its Amazon Web Services account. What this shows clearly is that this threat is not going to go away.
How Can Folks Protect Themselves?
Cryptojacking is obviously becoming a new and burgeoning threat, which is why it’s important to consider the nature of the threat and its larger impact, specifically as they pertain to Kubernetes container clusters.
For instance, why is Kubernetes the platform of choice for cryptojacking? The container tech has been highly effective in helping to improve developers’ productivity. Nevertheless, despite its many benefits to workflow efficiency, too many companies still have knowledge and/or governance gaps – and it is these gaps that create the critical security weaknesses.
The footprint of Kubernetes on Amazon Web Services is very widespread, with 64% of Kubernetes stacks running on Amazon Web Services. This high incidence of Kubernetes clusters, combined with their management complexity and insecure configurations, is what now leaves the door open to attackers’ cryptocurrency mining attacks.
Aside from obviously higher public cloud bills, these security “gaps” can lead to a multi-stage attack in which a Kubernetes breach also compromises sensitive keys, machines, and data beyond the clusters themselves. This is a major concern for bigger enterprises provisioning literally thousands of containers every month.
Three Key Steps to Secure Kubernetes Clusters
There are three key steps an enterprise can take to secure its Kubernetes clusters and thus avoid these latest cryptojacking threats: blind spot detection, a full security assessment, and continuous monitoring, remediation and automation. A look at each step in a little more detail:
- Blind Spot Detection
Detecting all Kubernetes clusters running in Amazon Web Services is the first important challenge. To secure those clusters, an organization first has to find out where they exist, using different discovery tools.
- Harden Container Stack
After Kubernetes clusters are found, you have to ensure these clusters and their workloads are secured. There are many layers in a container stack, and each layer needs to be significantly hardened. An additional security issue to note here is that many Kubernetes installers default to a developer-friendly mode that comes with insecure configurations.
- Automate Kubernetes Checks
Finally, organizations need to use an automated policy solution (i.e. a SecOps Policy Service) to continuously monitor for, and then fix, container attacks when they happen.
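As an added illustration of the hardening and automated-check steps above (example code written for this article, not code from Tesla, Amazon or any policy product), the following toy policy checker evaluates a Pod manifest for the kind of developer-friendly defaults that let a hijacked workload mine at will, and returns a remediated copy. The sample manifest and the rule set are constructed for the example; the CPU limit value is an assumed placeholder.

```python
"""Toy Kubernetes pod policy check + remediation (added example, illustrative rules)."""
import copy

# Constructed sample: what an installer's "developer-friendly" default can look like.
DEV_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "build-agent", "namespace": "default"},
    "spec": {
        "hostNetwork": True,                        # shares the node's network namespace
        "containers": [{
            "name": "agent",
            "image": "agent:latest",                # mutable tag, not pinned to a digest
            "securityContext": {"privileged": True},
            # no resources.limits: a hijacked pod may consume the whole node's CPU
        }],
    },
}

def check_pod(pod):
    """Return (rule, container, message) findings for one Pod manifest (dict)."""
    findings = []
    spec = pod.get("spec", {})
    if spec.get("hostNetwork") or spec.get("hostPID"):
        findings.append(("host-namespaces", None, "hostNetwork/hostPID enabled"))
    for c in spec.get("containers", []):
        name, sc = c["name"], c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(("privileged", name, "privileged container"))
        if sc.get("runAsNonRoot") is not True:
            findings.append(("run-as-root", name, "runAsNonRoot is not enforced"))
        if "cpu" not in c.get("resources", {}).get("limits", {}):
            findings.append(("no-cpu-limit", name, "no CPU limit; mining can starve the node"))
        image = c.get("image", "")
        if ":" not in image or image.endswith(":latest"):
            findings.append(("mutable-image", name, "image not pinned to a fixed tag or digest"))
    return findings

def harden_pod(pod, cpu_limit="500m"):
    """Remediation step: return a copy with the insecure defaults fixed.
    The image tag is left alone, since the correct digest must come from the owner."""
    fixed = copy.deepcopy(pod)
    spec = fixed["spec"]
    spec.pop("hostNetwork", None)
    spec.pop("hostPID", None)
    for c in spec.get("containers", []):
        c["securityContext"] = {**c.get("securityContext", {}), "privileged": False,
                                "runAsNonRoot": True, "allowPrivilegeEscalation": False}
        c.setdefault("resources", {}).setdefault("limits", {}).setdefault("cpu", cpu_limit)
    return fixed
```

Run over every manifest a cluster admits (for example from an admission webhook or a periodic scan), the same two functions give the continuous detect-then-fix loop the third step calls for; the remaining `mutable-image` finding after remediation is intentional, because pinning requires a decision by the image owner.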