Cryptojacking Growing In Cloud Software Environments – Report

Crime, FinTech, News | May 15, 2018 By:

Security firm RedLock released its newest “Cloud Security Trends” report today. The report claimed 25 percent of companies have some form of cryptojacking going on in their cloud environment.

The report, based on research from the RedLock security analysts, data scientists and data engineers, claims that organizations are struggling to meet compliance requirements in public cloud environments and that new attack vectors are constantly hitting the market.

The report offers a comprehensive analysis of threats confronting the cloud computing environment. These include:

The mainstreaming of cryptojacking: The RedLock CSI team previously uncovered hacker infiltrations of public cloud environments owned by Tesla, Aviva and Gemalto. It’s now apparent the practice of stealing cloud compute resources specifically to mine cryptocurrency has accelerated, and there are signs that attackers are using advanced evasion techniques for this purpose.

The report found that 25% of organizations suffered from cryptojacking incidents, a sharp spike representing a 3X increase from the 8% reported in the last quarter. On a related note, 85% of resources were found to have no firewall restrictions on any outbound traffic (up from 80% one year ago). Industry best practices mandate that outbound network traffic should be restricted to prevent accidental data loss or data exfiltration in the event of a breach.
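The outbound-restriction finding above is easy to check for mechanically. The following is an added example (not RedLock's code or part of the report): it audits security-group egress rules for the allow-all pattern and builds the explicit allow-list a hardened group would carry instead. The rule dictionaries follow the shape AWS returns from DescribeSecurityGroups (the IpPermissionsEgress field), but every group below is constructed sample data.

```python
"""Audit cloud firewall egress rules for the 'no outbound restriction' pattern.

Added example, not RedLock's code. Rule dictionaries mirror the shape AWS
returns in DescribeSecurityGroups (IpPermissionsEgress); the groups are
constructed sample data.
"""
from typing import Dict, List

ANY_IPV4 = "0.0.0.0/0"
ANY_IPV6 = "::/0"


def rule_reaches_anywhere(rule: Dict) -> bool:
    """True if the rule's destination is the whole internet (IPv4 or IPv6)."""
    v4 = any(r.get("CidrIp") == ANY_IPV4 for r in rule.get("IpRanges", []))
    v6 = any(r.get("CidrIpv6") == ANY_IPV6 for r in rule.get("Ipv6Ranges", []))
    return v4 or v6


def rule_is_unrestricted(rule: Dict) -> bool:
    """True if the rule lets every protocol and port out to any address.

    IpProtocol "-1" is the AWS shorthand for all protocols; a TCP/UDP rule
    spanning ports 0-65535 is treated the same way.
    """
    proto = rule.get("IpProtocol")
    all_ports = proto == "-1" or (
        rule.get("FromPort") == 0 and rule.get("ToPort") == 65535
    )
    return all_ports and rule_reaches_anywhere(rule)


def find_unrestricted_egress(groups: List[Dict]) -> List[str]:
    """Return the IDs of groups with at least one fully open egress rule."""
    return [
        g["GroupId"]
        for g in groups
        if any(rule_is_unrestricted(r) for r in g.get("IpPermissionsEgress", []))
    ]


def restricted_egress(allowed: List[Dict]) -> List[Dict]:
    """Build an explicit egress allow-list from {"cidr", "port", "why"} entries,
    which is what a hardened group carries instead of the default allow-all rule."""
    return [
        {
            "IpProtocol": "tcp",
            "FromPort": a["port"],
            "ToPort": a["port"],
            "IpRanges": [{"CidrIp": a["cidr"], "Description": a.get("why", "")}],
        }
        for a in allowed
    ]


# Constructed sample data: the default allow-all egress rule, a TCP all-ports
# rule to any IPv6 address, and a tight allow-list built with restricted_egress.
SAMPLE_GROUPS = [
    {
        "GroupId": "sg-default-open",
        "IpPermissionsEgress": [
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": ANY_IPV4}]}
        ],
    },
    {
        "GroupId": "sg-tcp-open",
        "IpPermissionsEgress": [
            {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
             "Ipv6Ranges": [{"CidrIpv6": ANY_IPV6}]}
        ],
    },
    {
        "GroupId": "sg-restricted",
        "IpPermissionsEgress": restricted_egress([
            {"cidr": "10.0.0.0/16", "port": 443, "why": "internal API"},
            {"cidr": "198.51.100.20/32", "port": 443, "why": "package mirror"},
        ]),
    },
]

if __name__ == "__main__":
    for gid in find_unrestricted_egress(SAMPLE_GROUPS):
        print(f"{gid}: unrestricted outbound traffic")
```

A rule that opens a single port to the whole internet (for example TCP 443 to 0.0.0.0/0) is not flagged by this check; it is still worth reviewing, but it is at least a restriction, which is what the 85% figure above is about.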

A major new threat vector can be found in public cloud Instance Metadata APIs. Instance Metadata is a feature available to public cloud customers: data about a cloud Virtual Machine (VM) that can be used to configure or manage the running VM. In effect, any process running on the VM can submit a query to this API and obtain access credentials for the public cloud environment. The report identified several ways that hackers might exploit this API, although it is unclear whether any of these methods have been used in the wild. However, just as with the Spectre/Meltdown vulnerabilities of the recent past, the potential impact has a very large blast radius.
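Because credentials obtained through the metadata API belong to a specific instance, one defensive check is to watch for those credentials being used from an address that is not the instance's own. The following is an added example (not from the report or RedLock): it runs that check over audit-log records whose field names mirror AWS CloudTrail (`eventName`, `sourceIPAddress`, `userIdentity.arn`). It assumes the session name in the assumed-role ARN is the instance ID, which is how EC2 instance-profile sessions are named; the instance-to-address map and the events themselves are constructed sample data.

```python
"""Flag API calls made with an instance role's credentials from an address
that is not the instance's own.

Added example, not from the report. Field names mirror AWS CloudTrail; the
address map and events are constructed. Assumes instance-profile sessions are
named after the instance ID (the EC2 convention).
"""
import re
from typing import Dict, Iterable, List, Optional, Set

# Matches "...:assumed-role/<role>/<instance-id>" and captures the instance ID.
ASSUMED_ROLE_RE = re.compile(r":assumed-role/(?P<role>[^/]+)/(?P<session>i-[0-9a-f]+)$")

# Constructed: the addresses each instance is expected to call the API from
# (its own public address, or the NAT gateway address if it sits behind one).
KNOWN_INSTANCE_ADDRESSES: Dict[str, Set[str]] = {
    "i-0aaa111": {"203.0.113.10"},
    "i-0bbb222": {"203.0.113.11", "198.51.100.7"},
}


def credential_instance(arn: str) -> Optional[str]:
    """Return the instance ID an instance-profile session belongs to, else None."""
    m = ASSUMED_ROLE_RE.search(arn)
    return m.group("session") if m else None


def find_offhost_credential_use(events: Iterable[Dict],
                                known: Dict[str, Set[str]]) -> List[Dict]:
    """Return one finding per event whose instance credentials were used from
    an unexpected address, or belong to an instance we do not track at all."""
    findings = []
    for ev in events:
        arn = ev.get("userIdentity", {}).get("arn", "")
        inst = credential_instance(arn)
        if inst is None:
            continue  # not an instance-profile session (IAM user, other role)
        src = ev.get("sourceIPAddress", "")
        if src.endswith(".amazonaws.com"):
            continue  # call made on the instance's behalf by a provider service
        expected = known.get(inst)
        if expected is None:
            reason = "unknown instance"
        elif src not in expected:
            reason = "source address is not the instance's"
        else:
            continue
        findings.append({"eventName": ev.get("eventName"), "instance": inst,
                         "source": src, "reason": reason})
    return findings


def _event(name: str, src: str, arn: str) -> Dict:
    return {"eventName": name, "sourceIPAddress": src,
            "userIdentity": {"arn": arn}}


# Constructed sample records (account ID and instance IDs are placeholders).
STS = "arn:aws:sts::123456789012:assumed-role"
SAMPLE_EVENTS = [
    _event("DescribeInstances", "203.0.113.10", f"{STS}/WebRole/i-0aaa111"),   # expected
    _event("ListBuckets", "192.0.2.55", f"{STS}/WebRole/i-0aaa111"),           # off-host use
    _event("GetObject", "198.51.100.7", f"{STS}/BatchRole/i-0bbb222"),         # expected
    _event("GetObject", "ec2.amazonaws.com", f"{STS}/BatchRole/i-0bbb222"),    # service call
    _event("ListUsers", "192.0.2.9", "arn:aws:iam::123456789012:user/alice"),  # not instance creds
    _event("ListBuckets", "192.0.2.56", f"{STS}/WebRole/i-0ccc333"),           # untracked instance
]

if __name__ == "__main__":
    for f in find_offhost_credential_use(SAMPLE_EVENTS, KNOWN_INSTANCE_ADDRESSES):
        print(f"{f['eventName']} by {f['instance']} from {f['source']}: {f['reason']}")
```

The check only works if the address map is kept current: instances behind a NAT gateway share its address, and an instance that was terminated and replaced will show up as "unknown instance" until the inventory is refreshed. Pair it with the egress restrictions discussed above, since credentials that cannot leave the host cannot be replayed from elsewhere.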

Ensuring the omnipresence of compliance: There’s no shortage of industry standards for cybersecurity: NIST CSF, CIS, PCI DSS, SOC2, HIPAA and (soon) GDPR are just some of the acronyms serving up a blizzard of regulations and requirements. The RedLock report finds a decidedly mixed bag of effort and negligence in an operating environment where anything less than full compliance is essentially not compliance at all.

On the positive side, there is a growing trend toward database encryption, a helpful practice to meet the pseudonymization requirement in GDPR and a best practice in its own right. Barely a year ago, 82% of databases in the cloud were not encrypted; now, it’s 49%. However, on average organizations fail 30% of CIS Foundations’ best practices, 50% of PCI requirements, and 23% of NIST CSF requirements.

“We understand why there might be fatigue with endless reports on IT infrastructures that lack adequate security, and there are signs that corporations are stepping up initiatives to minimize vulnerabilities, but there’s definitely more to do,” said Gaurav Kumar, CTO of RedLock and head of the CSI team. “That’s why this report not only shines a light on emerging dangers but also offers concrete advice on how best to ward off attacks. Cloud computing environments bring tremendous flexibility and great economies of scale, but those advantages are meaningless without top-level security. This is a constant and shared responsibility.”

A full version of the report is available for download at