Don’t count on cloud security providers to keep hackers away.
As more companies have shifted their data to the cloud, some firms too strapped to spend on security have begun to rely more heavily on companies like Amazon Web Services and Microsoft Azure to assume more network protection and monitoring responsibilities. But Stan Black, chief security and information officer at the software company Citrix, says that hackers are adapting to this transition, hijacking companies’ cloud infrastructure.
The issue demonstrates ways in which hackers are keeping pace with corporate defenders, and it presents an urgent challenge for companies that stand to lose millions of dollars, Black said.
“This is about someone stealing assets that I pay for,” he said, comparing cryptojacking to a more nefarious version of peer-to-peer music piracy. “The upside is that it’s not destroying the business, or encrypting data. But they are consuming assets that make us think we need to spend more on connectivity.”
Cloud providers charge for computing power and for data transferred out. When malicious cryptojackers take control of an employee’s account, then use that access to mine for bitcoin or Monero, that can dramatically increase a firm’s data consumption. Cloud companies often do not detect this kind of malicious activity, and organizations may only find out they have been victimized when they receive a $10 million cloud bill for what was supposed to be a $1 million fee, Black said.
“Do the math: if you, your friends and your family all had the same [phone] plan you can burn your data pretty quickly,” he said. “Now multiply that by many hundreds of millions of assets around the world for a company … that slows down the adoption of the cloud, which frankly is not good. It’s a market issue.”
Cryptojacking is not new. The tactic replaced ransomware as the most popular threat this year, in part because miners are able to remain undetected for so long, Forbes reported. Thieves last month used cryptojacking malware to use computing power from the Make-A-Wish foundation, and earlier this year hit Tesla Motors, among many others. College networks and local governments aren’t immune, either.
The issue has been a problem at Citrix, as well. The company experienced a “significant” cryptojacking surge during one week in 2017, forcing the company to accelerate its analysis of network traffic to shunt any unauthorized mining activity, Black said.
Hackers since then have changed their approach. As security executives implement tools that track how much computing power a device takes up, cryptojackers have become more careful. If a tool issues an alert when it’s at 80 percent computing power, hackers will adjust to that and aim to take up no more than 60 percent of that device’s power, Black says.
Citrix now has tightened its own computing thresholds and monitors traffic more closely. If a web connection is encrypted in a way Citrix doesn’t recognize, for example, security tools stop that connection immediately, Black says. The company also shuts down applications running on workstations or in the cloud quickly if an app is not authorized on Citrix’s whitelist of pre-approved programs.
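The threshold-evasion behaviour described above, as an added illustration that is not Citrix’s tooling: a fixed 80 percent alert misses a miner that deliberately holds a host near 60 percent, while a rule that learns each host’s baseline and requires the deviation to be sustained still flags it. The telemetry series are constructed for the example.

```python
# Added example: fixed-threshold CPU alerting versus baseline-plus-duration
# alerting, run over constructed per-minute CPU-utilisation samples (percent).
# None of this is Citrix's code; the constants are illustrative assumptions.

BASELINE_WINDOW = 6      # samples used to learn a host's normal utilisation
ALERT_THRESHOLD = 80.0   # the fixed trip-wire the article says attackers dodge
DEVIATION = 25.0         # percent above baseline that counts as suspicious
MIN_SUSTAINED = 4        # consecutive suspicious samples before alerting

# Constructed: a host that idles around 10% until a miner pins it near 60%,
# deliberately staying under the 80% alert.
MINER_SAMPLES = [8, 12, 9, 11, 10, 10, 57, 59, 58, 60, 58, 59, 57, 58]

# Constructed: the same kind of host running a short, legitimate burst of work.
BUILD_SPIKE_SAMPLES = [10, 11, 9, 10, 12, 10, 50, 55, 48, 12, 10, 11]


def fixed_threshold_alerts(samples, threshold=ALERT_THRESHOLD):
    """Indices of samples at or above a fixed utilisation threshold."""
    return [i for i, v in enumerate(samples) if v >= threshold]


def baseline_alerts(samples, window=BASELINE_WINDOW,
                    deviation=DEVIATION, sustained=MIN_SUSTAINED):
    """Learn a baseline from the first `window` samples, then return the start
    index of every run of at least `sustained` consecutive samples that exceed
    baseline + deviation. Short bursts reset the run and never alert."""
    if len(samples) <= window:
        return []
    baseline = sum(samples[:window]) / window
    limit = baseline + deviation
    alerts, run_start = [], None
    for i in range(window, len(samples)):
        if samples[i] > limit:
            if run_start is None:
                run_start = i
            if i - run_start + 1 == sustained:   # fire once per run
                alerts.append(run_start)
        else:
            run_start = None
    return alerts


if __name__ == "__main__":
    print("fixed 80% alert on miner host:", fixed_threshold_alerts(MINER_SAMPLES))
    print("baseline alert on miner host:", baseline_alerts(MINER_SAMPLES))
    print("baseline alert on build spike:", baseline_alerts(BUILD_SPIKE_SAMPLES))
```

The miner host never trips the fixed rule but is reported by the baseline rule at the sample where the sustained run began, while the short build spike is left alone.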
“I know this isn’t on the minds of a lot of people, which is what I’m concerned about,” he said. “The more people who are exploited, the more bad things happen on the internet.”