Crypto-coin miners caught toiling away in hacked cloud boxes

Here's yet another reason to make sure you lock down your clutch of cloud services: cryptocurrency mining. Security outfit RedLock's security trends report [PDF], out this month, said developers and organizations are not securing their AWS, Azure and Google Cloud Platform systems, allowing miscreants to hijack them to steal …

Silver badge
Pirate

Security company?

RedLock says companies stung this way included security company Gemalto and....

Whoa... hold on there. This is not a sterling recommendation for their services is it? Especially one touting themselves as a "world leader in digital security".

4
0
Silver badge

Re: Security company?

Based on recent events at Deloitte and Equifax I'd say this is par for the course for a security company.

6
0
Anonymous Coward

The only safe way to use the Cloud ...

... is not to use it.

8
2
Silver badge
Mushroom

Re: The only safe way to use the Cloud ...

The only safe thing to do is fire the stupid people who think it's OK to have a password of password.

5
0
Silver badge
Coat

Re: The only safe way to use the Cloud ...

@Captain Scarlet

You're right. It's totally insecure to make your password be password.

Do what I do. Make your username be password and your password be username. They'll never guess that.

6
0
Silver badge

Re: The only safe way to use the Cloud ...

I'm reminded of an Eric the Penguin cartoon*. Eric says his password is INCORRECT because every time he puts in the wrong password or forgets it the system tells him his password is INCORRECT.

I have the 2017 calendar.

3
0

The blind leading the blind

Often, foolishly, users of cloud services rely absolutely on the cloud provider to deploy enhanced secure systems as standard. They don't...

Solution: Provide your own hardened systems configuration standards when setting up, and continually monitor for compliance and vulnerabilities.

Don't forget to conduct penetration tests, and undertake more frequently for critical applications / solutions.

4
0
Facepalm

Re: The blind leading the blind

Amazon clearly state - 'shared security model'.

The end users clearly haven't done their part.

Just don't mention putting creds in public GitHub ...

2
0
Silver badge

Password?

“found a number of Kubernetes administrative consoles deployed on Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform that were not password protected,”

The fact that this is possible is disappointing.

2
0
Anonymous Coward

Defaults?

I use AWS quite a lot and its default firewall rules are all closed.

I need to generate a key file for ssh access, what default creds am I missing?

0
0
Silver badge

215 kWH

I wonder if Cloud vendors have factored the above into their prices.

A bit like things like tethering, when such "unintended usages" surface the Service affected hit back by invoking their safety net Acceptable Usage Policy (1) throttling or curtailing or (2) charging an excess for the usage not deemed acceptable.

Will this happen in this case?

0
0
Silver badge

I'm waiting for some admin to be found out he/she is using the company's servers to mine. Just a matter of time, I guess.

0
0
Bronze badge
Angel

Reverse-Cloud: Distributed Computing Service Provider

Sadly, these days I am not surprised that no one takes security seriously. No password protection? Sure! Saves time logging in, right?

I am however surprised that companies don't reverse-cloud with a distributed-computing client installed on every PC in their network in order to sell the processing power of unused cycles to world+dog. (After all, no one cares about security anymore, so why not...)

Sadly, I can even see companies running a reverse-cloud (on all of their PCs that were turned into thin clients when they moved all of their corporate systems to the cloud) in order to help pay for their cloud services.

And then complaining about how their voip phones all suck, oblivious to their networks not being able to handle the load of cloud + reverse-cloud + voip.

0
0
