Today I was reading about the Capital One breach and it spoke of some terms I've heard before but don't really know what the words mean. It was talking about how the culprit took advantage of "cloud misconfiguration" and did some "cryptojacking" of accounts... I know that I have heard these terms before, and the first one seems pretty obvious, but I wanna know more about why these are such hot topics for this case, so let's take a look.
Cloud Misconfigurations
The term "Cloud Misconfiguration" is pretty straightforward... As more and more companies move their data to the "cloud", configuration of their environment becomes very important to prevent private data from being exposed to the outside world. Cloud misconfiguration is a big issue and a big fear that causes a lot of companies to not move to the cloud, and it is human error that causes cloud misconfiguration.
Companies like Amazon Web Services (AWS) have been making "incremental changes to its services and security features to curb such data exposures, including the ability to block public access for all S3 resources within an organization." (2)
What can be done?
The use of some AWS security tools (or the security tools that might be offered by whatever provider you use) such as AWS Control Tower, AWS Security Hub, or even just creating a standard configuration process in a company to help eliminate manual configuration error.
AWS Control Tower is a way to "set up and govern a new, secure, multi-account AWS environment based on best practices established through AWS’ experience working with thousands of enterprises as they move to the cloud." (3)
AWS Security Hub is a service that provides a single place to aggregate, organize, and prioritize security alerts, or findings, from multiple AWS services and gives a comprehensive view of the high-priority security alerts and compliance status across AWS accounts. (4)
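As an added example (not code from the article or from AWS), here is a small Python check for the kind of exposure the article describes: it scans a bucket policy for statements that grant access to everyone. The policy, bucket name, account id and role name are all constructed for the example.

```python
import json

# Constructed sample bucket policy (not from any real account). The first
# statement grants anonymous read on every object, the classic S3 exposure;
# the second is a normal grant to a specific IAM role.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowPublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AppRoleRead", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})


def is_anonymous(principal) -> bool:
    """True when the Principal element grants to everyone: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False


def find_public_statements(policy_json: str) -> list:
    """Return the Sids of Allow statements whose principal is anonymous.

    A statement with a Condition is still reported: some condition keys
    (for example a VPC endpoint restriction) keep it non-public in AWS's own
    evaluation, but a reviewer should look at each one rather than trust it.
    """
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written unwrapped
        statements = [statements]
    return [s.get("Sid", "<no-sid>") for s in statements
            if s.get("Effect") == "Allow" and is_anonymous(s.get("Principal"))]


if __name__ == "__main__":
    print("Public statements:", find_public_statements(PUBLIC_POLICY))
```

The account-wide control the article refers to is S3 Block Public Access, whose four settings are BlockPublicAcls, IgnorePublicAcls, BlockPublicPolicy and RestrictPublicBuckets; with BlockPublicPolicy enabled, S3 rejects a policy containing a statement like AllowPublicRead instead of applying it.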
Cryptojacking
Cryptojacking is a bit more malicious, as it "is the unauthorized use of someone else’s computer to mine cryptocurrency." (5) It gets in much like any other malware gets into a computer... a user clicks on a link that downloads executable code onto their computer, or a website is hijacked with JavaScript that auto-executes on page load, and POOF! The user's computer is now mining cryptocurrency in the background, (probably) without the user even knowing it was happening.
I find cryptojacking interesting because it doesn't necessarily require a lot of technical skills but more so access to the Dark Web to buy a kit that will take care of things for the miner. This type of malware has become more popular than blocking a user from using the computer, as it can be more lucrative for the miner to be less noticed.
References
- https://www.secureworldexpo.com/industry-news/capital-one-hacker-other-companies-indictment?utm_content=99837444&utm_medium=social&utm_source=linkedin&hss_channel=lcp-106644
- https://searchcloudsecurity.techtarget.com/news/252465909/AWS-customers-tackle-cloud-misconfigurations-and-data-exposures
- https://aws.amazon.com/controltower/
- https://aws.amazon.com/about-aws/whats-new/2018/11/introducing-aws-security-hub/
- https://www.csoonline.com/article/3253572/what-is-cryptojacking-how-to-prevent-detect-and-recover-from-it.html
- https://www.malwarebytes.com/cryptojacking/