Cryptomining emerges as a major cloud security threat, highlighted at Google Next23 by Jeff Reed of Google Security.
Concerns regarding identity and access, misconfigurations, and a lack of data visibility are frequently cited as the top threats to cloud computing. However, cryptomining was regularly brought up at Google Next23 as a cloud security concern that is a growing threat despite being largely ignored. In a discussion at the conference, Jeff Reed, vice president of product at Google Security, stated, “It’s an easy way for the bad guys to make money.”
For certain threat actors, financial gain is the primary motivation for their cybercrime; for them, the money they can make during the initial attack or later on is what matters most. But even actors who are not usually driven by profit, such as those more interested in using espionage to upend a political system, still need to fund their operations. Cryptomining is an easy way to get that money, which is also one reason why ransomware attacks have increased. Likewise, threat actors that target cloud systems want to make money through cryptomining.
According to Reed’s investigation of cloud breaches, cryptomining is the most common activity. The Google Cybersecurity Action Team’s Threat Horizons Report from last autumn states that cryptomining was used in 65% of all hacked cloud accounts. Due to the complexity of cloud systems, once a threat actor enters, they can remain hidden for extended periods of time. The longer they remain within the cloud, the more cryptocurrency they can mine.
Knowing About Cloud Cryptomining
As most people are aware, mining cryptocurrency requires a lot of hardware, software, electricity, and processing power. If your network has been compromised by cryptojacking, there are warning signs such as an abnormal rise in power consumption, sluggish or delayed processing, and overheating.
Cryptomining has become more economical by migrating to the cloud. According to a Splunk blog article, “People and businesses can rent cloud computing resources from cloud computing providers like Amazon Web Services (AWS) and Microsoft Azure for cryptomining.” The cloud’s easy scalability gives cryptominers a great deal of operating flexibility.
Threat actors find cloud-based cryptomining so alluring because of the same advantages it offers honest miners. If cryptojackers gain access to the cloud network, they can take over the mining infrastructure in a matter of seconds. They can stay in stealth mode for extended periods, sometimes going undetected until someone notices an increase in cloud usage fees or unexpectedly poor performance in the apps and devices connected to the cloud network. They frequently gain access to cloud accounts through stolen or compromised credentials.
Threat actors aren’t limited to using your cloud network to profit from illicit cryptomining. Once they’ve made a home for themselves inside your cloud network, they can launch other kinds of attacks, such as DDoS and malware. Until they are discovered, they have the upper hand.
Identifying Cloud Cryptojacking
Stopping cryptojacking in your cloud environment requires detection techniques that rely on behaviour and real-time models. The following are recommended practices for identifying unauthorised cryptomining:
- Turning on threat detection services for all devices and projects.
- Turning on event detection at Stage 0. Stage-0 events are the initial phase of cloud-based cryptomining attacks, according to Google.
- Configure cloud DNS logging to keep an eye on all cloud traffic. Keep an eye out for any strange increases in cloud usage.
- Use identity management systems to spot abnormalities in authentication and implement the least privilege principles to restrict access to cloud applications.
- To find misconfigurations, use scanning tools.
- Assign contacts who are in charge of responding to security alerts.
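As an added example that is not part of the original article, the Python below applies two of these practices, a mining-pool name watchlist and a per-instance query-volume spike check, to constructed DNS query-log lines; the log field names, the pattern list and the baseline counts are all assumptions.

```python
import json
import re
from collections import Counter

# Hypothetical mining-pool hostname fragments (illustrative assumption, not a vetted feed).
MINING_PATTERNS = [re.compile(p, re.IGNORECASE)
                   for p in (r"stratum", r"xmr", r"minepool", r"cryptonight")]

# Constructed sample: simplified JSON query-log lines (field names are assumed).
SAMPLE_LOGS = """\
{"instance": "web-1", "query": "api.example.com."}
{"instance": "web-1", "query": "cdn.example.com."}
{"instance": "web-1", "query": "metrics.example.com."}
{"instance": "batch-7", "query": "pool.stratum-example.invalid."}
{"instance": "batch-7", "query": "xmr.minepool-example.invalid."}
{"instance": "batch-7", "query": "updates.example.com."}
not valid json, the parser must skip it
{"instance": "batch-7", "query": "pool.stratum-example.invalid."}
{"instance": "batch-7", "query": "xmr.minepool-example.invalid."}
{"instance": "batch-7", "query": "pool.stratum-example.invalid."}
"""

# Constructed baseline: expected query count per instance for this window.
BASELINE = {"web-1": 3, "batch-7": 1}


def parse_logs(text):
    """Parse newline-delimited JSON, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a malformed line must not crash the detector
    return records


def watchlist_hits(records):
    """Return sorted (instance, query) pairs whose name matches a pattern."""
    return sorted({(r["instance"], r["query"]) for r in records
                   if any(p.search(r["query"]) for p in MINING_PATTERNS)})


def volume_anomalies(records, baseline, factor=3.0):
    """Flag instances above factor x baseline, or with no baseline at all."""
    counts = Counter(r["instance"] for r in records)
    return {inst: n for inst, n in counts.items()
            if inst not in baseline or n > factor * baseline[inst]}
```

Both checks are deliberately simple; in practice the watchlist would come from a maintained threat-intelligence source and the baseline from historical per-instance query volumes.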
Organisations face a significant security risk from cryptomining attacks, and it is no accident that the number of cloud-based attacks has increased as more production shifts from on-premises to the cloud. This emphasises the necessity of comprehensive cloud security: the more effort you put in up front to close the security gaps that let attacks into the cloud, the better you can safeguard your network against cryptojacking.