TMCnet News
RedLock Releases Cloud Security Report Highlighting Focus on Shared Responsibilities, Uncovers Cloud-Related Exposures at Tesla
RedLock, the Cloud Threat Defense company, today released the latest "Cloud Security Trends" report from the RedLock Cloud Security Intelligence (CSI) team, a group of elite security analysts, data scientists and data engineers, that uncovers serious threat vectors and highlights the need for shared responsibility for security within a public cloud environment. The RedLock CSI team also revealed that hackers infiltrated a public cloud environment owned by Tesla, the renowned company specializing in electric automotives, energy storage and solar panel manufacturing.
View the full release here: http://www.businesswire.com/news/home/20180220005222/en/
The new report offers a compelling look at the threats and vulnerabilities that continue to mount in public cloud computing environments. Among the findings:
The Tesla findings build on research from last year, when the CSI team found that hundreds of Kubernetes administration consoles were accessible over the internet without password protection, and were leaking credentials to other critical applications. In Tesla's case, the cyber thieves gained access to Tesla's Kubernetes administrative console, which exposed access credentials to Tesla's AWS environment. Those credentials provided unfettered access to non-public Tesla information stored in Amazon Simple Storage Service (S3) buckets.
In addition, the cyber thieves performed cryptojacking using Tesla's cloud compute resources and employed specific techniques to evade detection. For example, instead of the more familiar public 'mining pool,' they installed mining pool software and configured the malicious script to connect to an 'unlisted' endpoint. That makes it harder for standard IP/domain-based threat intelligence feeds to detect malicious activity. Other tricks included hiding the true IP address of the mining pool server behind CloudFlare, and likely keeping CPU usage low to further evade detection.
Please read the following blog post for additional details about the Tesla incident: http://blog.redlock.io/cryptojacking-tesla
"The message from this research is loud and clear - the unmistakable potential of cloud environments is seriously compromised by sophisticated hackers identifying easy-to-exploit vulnerabilities," said Gaurav Kumar, CTO of RedLock and head of the CSI team. "In our analysis, cloud service providers such as Amazon, Microsoft and Google are trying to do their part, and none of the major breaches in 2017 was caused by their negligence. However, security is a shared responsibility: Organizations of every stripe are fundamentally obliged to monitor their infrastructures for risky configurations, anomalous user activities, suspicious network traffic, and host vulnerabilities.
Without that, anything the providers do will never be enough."
A full version of the report is available for download at https://info.redlock.io/cloud-security-trends-feb2018
RedLock will host a webinar about the findings in this report on March 29, 2018 at 10:00am PST / 1:00pm EST. Please register at https://info.redlock.io/cloud-security-trends-and-cryptojacking-webinar to learn about current and emerging threats to AWS, Azure, and Google Cloud environments, analyze the Tesla cryptojacking incident to understand the attack kill chain, and see a live demo of cloud threat defense for tips to protect your public cloud environment.