In the fight against cyber crime, companies now have a new enemy to fear: hackers in pursuit of bitcoin.
The security intelligence group RedLock’s latest report on cloud security revealed the new trend of hackers infiltrating cloud servers to mine for bitcoin.
In particular, RedLock said that two multinational corporations, insurance provider Aviva and security company Gemalto, were implicated.
Hackers had gained access to their Amazon Web Services cloud servers as they were not password protected. They then used the resources to mine bitcoins.
RedLock’s CSI team made the discovery, after finding Kubernetes administrative consoles – an open-source Google-created technology for writing apps for the cloud – deployed on cloud services including AWS, Microsoft Azure, and Google Cloud, that were not password protected.
This “created a window of opportunity” for potential hackers.
“Upon deeper analysis, the team discovered that hackers were executing a bitcoin mining command from one of the Kubernetes containers. The instance had effectively been turned into a parasitic bot that was performing nefarious activity over the internet,” said the report.
Mining cryptocurrency isn’t new but it appears that people are turning to creative ways in pursuit of digital currencies. Last month, it was found that the torrent site The Pirate Bay was taking advantage of its users’ computer resources to mine for the cyrptocoin Monero.
Hackers may be getting creative because mining a digital currency like bitcoin is getting increasingly harder.
This is how bitcoin is mined, according to Digital Trends:
“[Miners] run tens of thousands of computers at all hours of the day in order to process blocks of the latest bitcoin transactions, with rewards coming in the form of new bitcoins.
“In effect, these miners keep tabs on and validate the 225,000 bitcoin transactions that occur on a daily basis, and as a result continuously increase the amount of currency in circulation.”
They need vast amounts of computing power in order to do this. Now, it seems like infiltrating cloud servers is the way they’re trying to do achieve their goals.
Cyber crime is becoming more sophisticated
How do you prosecute someone for bitcoin mining? The City of London thinks it might have the answer, with its proposed cyber crime court. Its purpose will be to tackle online fraud in the financial sector.
Dominic Raab, the UK’s justice minister, said:
“This new flagship court will build on UK legal services’ unique comparative advantage, by leading the drive to tackle fraud and crack down on cyber crime.”
As the ways of carrying out cyber crime become more sophisticated, it appears the law’s approach to tackling them will need to catch up.