Where Rubber Meets the Road: Exposed Credentials in DevOps Tools Facilitate Cryptocurrency Mining


Cloud and DevOps enable powerful, transformational advances across many businesses – from finance to manufacturing. But what happens when a cyber attacker gets hold of the access keys to the cloud account of a leading automobile manufacturer? Well, as learned in the recently reported breach at Tesla, the attackers exploited access to mine for cryptocurrency!

Reportedly, attackers discovered an unprotected DevOps tool belonging to Tesla. In this case it was a Kubernetes console that exposed AWS Access Keys. With these credentials, the attackers gained access to Tesla’s cloud environment. Once the attackers had the AWS Access Keys, they were able to set up scripts to mine for cryptocurrency using the stolen compute resources.

Cryptocurrency mining using a hacked cloud account is becoming increasingly popular with hackers, especially given the recent increases in cryptocurrency values – it’s viewed as an easy route to monetize an attack. But this type of attack could have been worse. Once the attackers have the access keys, they can access other cloud resources, copy sensitive data, and do other damage to the enterprise’s cloud workloads.

Unprotected DevOps Tools – A Growing Vulnerability

This breach serves as a powerful warning to prioritize management of the access and credentials for the DevOps and automation tools used throughout the CI/CD pipeline.

Three Key Takeaways from the Tesla Breach

  1. Protect your cloud credentials and access keys. Cloud credentials, such as AWS Access Keys, are very powerful. In the wrong hands they give unauthorized access to compute resources and sensitive data. Essentially, the access keys and cloud management console really do hold the keys to the cloud kingdom.
  2. Proactively check if your cloud resources are being used for cryptocurrency mining. Because cloud compute resources are powerful and can be assigned dynamically, they are attractive targets for cryptocurrency miners. Cryptocurrency mining enables attackers to readily monetize their attack at the enterprise’s expense (the attacker gets the cryptocurrency, and the enterprise pays the compute bill). As with other attacks, it may be a while before the enterprise detects the problem.
  3. Protect the admin consoles for all your DevOps and other automation tools. DevOps tools admin consoles can be potential vulnerabilities and act as entry points that need to be protected. With DevOps pipelines comprising multiple tools there are multiple potential entry points.
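
As an added illustration of takeaway 1 (not from the original post and not CyberArk code): a small Python check that flags AWS credentials written as literal values in a Kubernetes pod spec, where anyone who can read the workload through a console can also read the keys. The sample manifest is constructed, the key ID is the placeholder used in AWS documentation, and the function name is hypothetical.

```python
import re

# AWS access key IDs are 20 characters: a prefix (AKIA for long-term keys,
# ASIA for temporary ones) followed by 16 uppercase letters or digits.
KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
SENSITIVE_NAMES = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"}

# Constructed sample manifest (not from the incident). "web" carries literal
# credentials; "worker" references a Kubernetes Secret instead.
SAMPLE_POD = {
    "kind": "Pod",
    "metadata": {"name": "demo"},
    "spec": {"containers": [
        {"name": "web", "env": [
            {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAIOSFODNN7EXAMPLE"},
            {"name": "UPLOAD_USER", "value": "AKIAIOSFODNN7EXAMPLE"},
            {"name": "LOG_LEVEL", "value": "info"}]},
        {"name": "worker", "env": [
            {"name": "AWS_SECRET_ACCESS_KEY",
             "valueFrom": {"secretKeyRef": {"name": "aws-creds", "key": "secret"}}}]},
    ]},
}

def find_inline_aws_credentials(manifest):
    """Return (container, env var) pairs whose AWS credential is a literal value."""
    findings = []
    spec = manifest.get("spec", {})
    # Deployments and similar kinds nest the pod spec under spec.template.spec.
    spec = spec.get("template", {}).get("spec", spec)
    for container in spec.get("containers", []) + spec.get("initContainers", []):
        for env in container.get("env", []):
            value = env.get("value")
            if value is None:
                continue  # valueFrom (e.g. secretKeyRef) keeps the literal out of the spec
            # Flag by variable name, and by key-ID pattern to catch renamed variables.
            if env.get("name") in SENSITIVE_NAMES or KEY_ID_RE.search(value):
                findings.append((container.get("name"), env.get("name")))
    return findings

if __name__ == "__main__":
    for container, var in find_inline_aws_credentials(SAMPLE_POD):
        print(f"container {container!r}: literal AWS credential in env var {var!r}")
```

Any key the check finds should be treated as exposed: rotate it and move the value into a secrets store rather than only editing the manifest.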

Organizations Must Proactively Secure DevOps and Cloud Environments

Whether your enterprise fully embraces DevOps or is just starting to adopt automation and DevOps, it is clear that the credentials for the admin consoles for DevOps and automation tools need to be secured and managed. The potential risks of cryptocurrency mining can be greatly reduced by maintaining basic cyber hygiene best practices to address and secure DevOps and cloud environments. Risk management for CI/CD pipelines and the cloud needs to be prioritized with the same, consistent policy enforcement that organizations use on-premises.

Securing the admin consoles for an organization’s DevOps and automation tools, and its cloud management consoles, is a basic first step.

As a next step, consider attending a CyberArk DevOps workshop, talking to one of our DevOps experts, scheduling a demo, or starting to use CyberArk Conjur open source edition by following the “Simple Steps to Protect Your DevOps Tools from Cryptocurrency Miners” outlined in the technical blog on Conjur.org.

The post Where Rubber Meets the Road: Exposed Credentials in DevOps Tools Facilitate Cryptocurrency Mining appeared first on CyberArk.
