This article ran previously in ITOpsTimes.
Cryptocurrencies and the cloud are two of the hottest topics in technology circles today. They’re not often discussed in tandem. But they should be, especially among cloud security professionals.
Why? Because when put together, cryptocurrencies and the cloud create the perfect storm from a cybersecurity perspective. People want to mine cryptocurrency, which is pricey. The proliferation of cloud native technologies provides an easy on-ramp for attackers who want to mine crypto on someone else’s dime.
Although attacks against cloud native environments with the end goal of crypto mining may not be on the radar of many IT security teams, it’s high time to incorporate anti-mining defenses into your cloud security plan.
Why Crypto Miners Want to Steal Your Cloud
If you know anything about cryptocurrency, you’re probably aware that most cryptocurrencies are “mined” by performing complex computing operations, which are usually performed on specialized computers called “mining rigs.” Mining the more popular cryptocurrencies, especially Bitcoin, requires immense computing power—so much that the energy expended on Bitcoin mining will reportedly totally exhaust all of the world’s energy-producing capacity just two years from now.
Statistics like that drive home just how expensive it is to mine cryptocurrency. Performing legitimate mining operations requires a major investment in specialized computing hardware, as well as a whole bunch of electricity. And because many cryptocurrencies are designed in such a way that the computing power required to mine new coins increases over time, the cost of mining is always getting larger.
So, too, is the appeal of being able to mine cryptocurrency using someone else’s computing power and someone else’s electricity.
Therein lies the reason why crypto mining has created a grave new threat to cloud security: If you want unlimited computing power to mine cryptocurrency, the cloud is the perfect place to get it. And given that most clouds are well connected to the Internet, there are plenty of doorways that you could use to sneak in, take control of someone else’s cloud accounts or instances, and start mining cryptocurrency.
Plus, the fact that most cryptocurrencies are highly anonymous makes the deal even sweeter for attackers. Unlike other kinds of cloud-related security heists (such as those that involve stealing private data that can be hard for attackers to cash in on without giving away their identity), it’s easy to exchange cryptocurrencies anonymously.
Leveraging Cloud Native Tools to Mine Crypto
It’s not only the enormous profit potential of crypto mining on someone else’s cloud that makes this threat so dangerous. The fact that cloud native infrastructure makes it especially easy to deploy and run mining software adds to the dilemma from the perspective of security professionals.
Mining software can be deployed in the cloud in seconds using cloud native technologies like Docker containers. It’s easier in most cases to set up mining software in the cloud than it is to do it using on-premises mining rigs.
The complexity of modern cloud native software also benefits malicious crypto miners because it creates many potential attack vectors. For example, a misconfigured orchestrator like Kubernetes, or a Docker registry that admins accidentally leave open to the public, are easy for attackers to manipulate in ways that allow them to deploy containers that will mine crypto. These sorts of challenges did not exist before the cloud native age, when infrastructure was simpler and easier to secure using standard firewalls and basic access control.
Halting the Crypto Miners
Given that the bad guys have such a strong incentive to steal your cloud in order to mine crypto, and the fact that cloud native technologies make it especially easy for them to do so, what’s a DevSecOps team to do to stop the threat?
The following strategies will do much to help ensure that your cloud native environment does not become the next victim of nefarious crypto miners:
- Adopt a multi-layered security strategy. In complex, highly dynamic cloud native environments, it’s not enough to rely on a single layer of defense. You instead need to build in security defenses at multiple levels: at the public network level using a firewall, at the container image level using an image scanner, and at the runtime level by creating “whitelist” rules that establish what is acceptable container behavior.
- Scan for configuration mistakes. No matter how great your DevSecOps team is, there is a good chance that they’ll make mistakes when it comes to configuring cloud native environments, due to the simple fact that the environments are so complex. You can’t rely on humans to find all of these mistakes. Instead, deploy automated tools that can notify you about problems that might allow attackers to take control of your orchestrators or images.
As long as there’s lots of money to be made by mining cryptocurrency, the threat that crypto miners pose to cloud native environments is unlikely to disappear. Fortunately, by taking a forward-thinking, cloud native approach to security, it’s possible to mitigate the risk of ending up with expensive infrastructure devoted to mining Bitcoin rather than what it needs to do.
Follow us on Twitter
Follow us on Twitter for real time updates on the cloud native ecosystem, Twistlock product, and cloud native security threats.
Securing Containers on Oracle Cloud InfrastructureRead the Blog
Docker Security Best Practices: 2018 Wrap-UpRead the Blog
Open Source Cloud Discovery Tool for Visibility Into Cloud Native PlatformsRead the Blog
The Evolution of Container Security, 2013-TodayRead the Blog
Why Automation is the Crucial Ingredient in Microservices SecurityRead the Blog