Research shows that even with cloud providers implementing strong defenses, organizations that don’t effectively monitor their own environments leave glaring weaknesses.

Menlo Park, CA (February 20, 2018) – RedLock, the Cloud Threat Defense company, today released the latest “Cloud Security Trends” report from the RedLock Cloud Security Intelligence (CSI) team, a group of elite security analysts, data scientists and data engineers, that uncovers serious threat vectors and highlights the need for shared responsibility for security within a public cloud environment. The CSI team also revealed that hackers infiltrated a public cloud environment owned by Tesla, the renowned company specializing in electric automobiles, energy storage and solar panel manufacturing.
The new report offers a compelling look at the threats and vulnerabilities that continue to mount in public cloud computing environments. Among the findings:
In the course of their work, RedLock CSI researchers also learned about the intrusion into Tesla’s public cloud environment. In this case the hackers not only gained unauthorized access to non-public Tesla data, but were also stealing compute resources within Tesla’s Amazon Web Services (AWS) environment for cryptojacking. The researchers immediately informed Tesla of their findings, and the vulnerabilities have already been addressed.
The Tesla findings build on research from last year, when the CSI team found that hundreds of Kubernetes administration consoles were accessible over the internet without password protection, and were leaking credentials to other critical applications. In Tesla’s case, the cyber thieves gained access to Tesla’s Kubernetes administrative console, which exposed access credentials to Tesla’s AWS environment. Those credentials provided unfettered access to non-public Tesla information stored in Amazon Simple Storage Service (S3) buckets.
In addition, the cyber thieves performed cryptojacking using Tesla’s cloud compute resources and employed specific techniques to evade detection. For example, instead of the more familiar public ‘mining pool,’ they installed mining pool software and configured the malicious script to connect to an ‘unlisted’ endpoint. That makes it harder for standard IP/domain-based threat intelligence feeds to detect malicious activity. Other tricks included hiding the true IP address of the mining pool server behind CloudFlare, and likely keeping CPU usage low to further evade detection. Please read the following blog post for additional details about the Tesla incident: https://blog.redlock.io/cryptojacking-tesla
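Because an unlisted, CloudFlare-fronted pool defeats IP/domain-based feeds, a defender has to look at behaviour instead. The following is an added example, not RedLock’s code or anything from the report: it baselines each host’s normal egress destinations from constructed flow-log-style records and flags a new destination that keeps receiving long-lived, low-volume connections, the shape of a throttled miner holding its pool connection open. All hostnames, addresses and thresholds are made up for illustration.

```python
"""Behavioural egress detection for cryptojacking-style traffic.

Hypothetical example: no threat-feed lookups, only a per-host baseline of
(dst_ip, dst_port) pairs plus a filter for persistent, low-volume flows.
"""
from collections import defaultdict

# Constructed sample records in a VPC-flow-log-like shape:
# (src_host, dst_ip, dst_port, duration_seconds, bytes)
# Addresses are RFC 5737 documentation ranges, not real endpoints.
BASELINE = [
    ("web-1", "198.51.100.10", 443, 2, 9000),
    ("web-1", "198.51.100.11", 443, 1, 12000),
    ("web-1", "10.0.1.5", 5432, 30, 50000),
]

OBSERVED = [
    ("web-1", "198.51.100.10", 443, 2, 8000),
    ("web-1", "203.0.113.7", 443, 3600, 4000),   # constructed: new, persistent, low-volume
    ("web-1", "203.0.113.7", 443, 3500, 3800),
    ("web-1", "203.0.113.7", 443, 3700, 4100),
    ("web-1", "10.0.1.5", 5432, 40, 60000),      # known destination, ignored
]


def baseline_destinations(records):
    """Map each host to the set of (dst_ip, dst_port) pairs it normally reaches."""
    seen = defaultdict(set)
    for host, ip, port, _, _ in records:
        seen[host].add((ip, port))
    return seen


def find_persistent_new_egress(records, baseline, min_duration=1800,
                               max_bytes=16384, min_flows=2):
    """Return sorted (host, dst_ip, dst_port, flow_count) tuples for destinations
    absent from the host's baseline that receive at least `min_flows` flows
    lasting >= min_duration seconds while moving <= max_bytes each."""
    hits = defaultdict(int)
    for host, ip, port, duration, nbytes in records:
        if (ip, port) in baseline.get(host, set()):
            continue  # normal egress for this host
        if duration >= min_duration and nbytes <= max_bytes:
            hits[(host, ip, port)] += 1
    return sorted((h, ip, p, n) for (h, ip, p), n in hits.items() if n >= min_flows)


if __name__ == "__main__":
    for hit in find_persistent_new_egress(OBSERVED, baseline_destinations(BASELINE)):
        print("suspicious persistent egress:", hit)
```

A real deployment would build the baseline from a trailing window of flow logs per host and tune the thresholds to the workload; the point is that the alert does not depend on knowing the pool’s address in advance.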
“The message from this research is loud and clear—the unmistakable potential of cloud environments is seriously compromised by sophisticated hackers identifying easy-to-exploit vulnerabilities,” said Gaurav Kumar, CTO of RedLock and head of the CSI team. “In our analysis, cloud service providers such as Amazon, Microsoft and Google are trying to do their part, and none of the major breaches in 2017 was caused by their negligence. However, security is a shared responsibility: Organizations of every stripe are fundamentally obliged to monitor their infrastructures for risky configurations, anomalous user activities, suspicious network traffic, and host vulnerabilities. Without that, anything the providers do will never be enough.”
A full version of the report is available for download at https://info.redlock.io/cloud-security-trends-feb2018
RedLock will host a webinar about the findings in this report on March 29, 2018 at 10:00am PST/ 1:00pm EST. Please register at https://info.redlock.io/cloud-security-trends-and-cryptojacking-webinar to learn about current and emerging threats to AWS, Azure, and Google Cloud environments, analyze the Tesla cryptojacking incident to understand the attack kill chain and see a live demo of cloud threat defense for tips to protect your public cloud environment.

About RedLock
RedLock enables effective threat defense across Amazon Web Services, Microsoft Azure, and Google Cloud environments. The RedLock Cloud 360™ platform takes a new AI-driven approach that correlates disparate security data sets to provide comprehensive visibility, detect threats, and enable rapid response across fragmented cloud environments. With RedLock, organizations can ensure compliance, govern security, and enable security operations across public cloud computing environments.
Global brands across a variety of verticals trust RedLock to secure their public cloud computing environments. The company is backed by Sierra Ventures, Storm Ventures, Dell Technologies Capital, and other high-profile investors. RedLock has received a number of industry accolades, including finalist for Most Innovative Startup at RSA 2017, CRN Emerging Vendors in Security 2017, and TiE50 Winner 2017.