Over the past couple of years, cryptocurrencies have become less of a fringe geek fad and more of a significant financial player. The price of Bitcoin alone has increased astronomically in the past 14 months, crossing the $500 USD level in May 2016 and not looking back since. As of today, the spot price for Bitcoin is over $2,700 USD.
![One year growth chart for Bitcoin (in USD)](https://lh3.googleusercontent.com/Ccr-9Wnd0HijPZUASeDCgRq0hs1ITXs7ziSEon_Pjmclp4hjaUrTNx_cuz_F7ItqAuS2kgcDfP3rRfJ7P0WFEk_s6TYQ3Kce4D1MeCLey6yZ2_c72Uuap4t01UXNe8QbfktsaJnB)
While this is not a post focused on Bitcoin, understanding a bit about the cryptocurrency helps put this blog into context. At a very basic level, Bitcoin is given out as a reward for completing a batch of mathematical calculations within a set time period (10 minutes). The first person (or group of people) to complete the batch of calculations gets the Bitcoin. This is referred to as Bitcoin mining, and a similar process is used for obtaining other cryptocurrencies (e.g. Ethereum). In short, the greater the computing power, the faster the math gets done, and the higher the likelihood that you or your group “win” the Bitcoin.
Recently, a Reddit user posted that his AWS infrastructure had been hacked, with the intruder spinning up over five hundred EC2 instances for the specific purpose of mining Bitcoin. These were most likely the largest available EC2 instances, as the hacker wanted the highest-capacity CPUs available to maximize processing and complete the Bitcoin math problems more quickly. These instances were presumably running at capacity, with every drop of computing power dedicated to mining. The intrusion was detected and the EC2 instances decommissioned, but I shudder to think of the fees incurred.
Cloud Conformity’s monitoring software maintains a list of over 270 rules (growing weekly), guided by best practices championed by the AWS Well-Architected Framework and Center for Internet Security. Combined with Real-Time Monitoring, the Cloud Conformity Bot would have not only detected the hacker spinning up the instances, but would have immediately notified DevOps administrators of the illicit activity on their infrastructure.
Here are some examples of Cloud Conformity rules that would have helped prevent this type of hack and limited the damage the hacker could do after gaining entry.
- Ensure only approved machine images are used
- Detect if instances being deployed are bigger than standard
- Set a limit on the number of instances allowed
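One way to express these three guardrails as a check over an EC2 inventory, as an added example that is not Cloud Conformity's code: it evaluates DescribeInstances-shaped records (constructed here, with made-up instance IDs and AMI IDs) against an assumed policy of approved AMIs, a largest expected instance type and a fleet-size ceiling. The size-ranking helper and the policy thresholds are assumptions for illustration, not settings from the product or from AWS.

```python
# Added example: checks a DescribeInstances-style listing against the three
# guardrails above (approved AMIs, instance size, instance count).
# Not Cloud Conformity's code; policy values and instance records are constructed.

NAMED_SIZES = ["nano", "micro", "small", "medium", "large", "xlarge"]


def size_rank(instance_type):
    """Map an EC2 instance type such as 'c5.18xlarge' to a comparable size rank.

    nano=0 ... xlarge=5, then Nxlarge = 5 + N - 1; bare-metal sizes rank above
    everything else. (Assumed ordering for this example.)
    """
    size = instance_type.split(".", 1)[1]
    if size in NAMED_SIZES:
        return NAMED_SIZES.index(size)
    if size.endswith("xlarge"):
        return NAMED_SIZES.index("xlarge") + int(size[: -len("xlarge")]) - 1
    if size.startswith("metal"):
        return 1000
    raise ValueError("unrecognised instance size: %s" % instance_type)


# Assumed policy for this example (thresholds are placeholders, not real values).
POLICY = {
    "approved_amis": {"ami-0approved000000001", "ami-0approved000000002"},
    "max_instance_type": "m5.xlarge",  # nothing larger is expected in this fleet
    "max_instances": 20,               # more live instances than this is suspicious
}

# Constructed sample: a small, normal fleet (one already-terminated instance
# included to show that dead instances are not counted) ...
BASELINE = [
    {"InstanceId": "i-0aaa1", "ImageId": "ami-0approved000000001",
     "InstanceType": "t3.medium", "State": {"Name": "running"}},
    {"InstanceId": "i-0aaa2", "ImageId": "ami-0approved000000002",
     "InstanceType": "m5.large", "State": {"Name": "running"}},
    {"InstanceId": "i-0aaa3", "ImageId": "ami-0approved000000001",
     "InstanceType": "m5.xlarge", "State": {"Name": "running"}},
    {"InstanceId": "i-0old1", "ImageId": "ami-0approved000000001",
     "InstanceType": "c5.9xlarge", "State": {"Name": "terminated"}},
]
# ... plus a burst of 25 oversized instances launched from an unknown image,
# the pattern the post describes (IDs and AMI are made up).
BURST = [
    {"InstanceId": "i-0burst%02d" % n, "ImageId": "ami-0unknown0000000000",
     "InstanceType": "c5.18xlarge", "State": {"Name": "running"}}
    for n in range(25)
]
SAMPLE_INSTANCES = BASELINE + BURST


def evaluate(instances, policy):
    """Return findings for the three rules over a list of instance records."""
    live = [i for i in instances
            if i["State"]["Name"] not in ("terminated", "shutting-down")]
    max_rank = size_rank(policy["max_instance_type"])
    return {
        "unapproved_ami": [i["InstanceId"] for i in live
                           if i["ImageId"] not in policy["approved_amis"]],
        "oversized": [i["InstanceId"] for i in live
                      if size_rank(i["InstanceType"]) > max_rank],
        "instance_count": len(live),
        "count_exceeded": len(live) > policy["max_instances"],
    }


if __name__ == "__main__":
    for rule, result in evaluate(SAMPLE_INSTANCES, POLICY).items():
        print(rule, result)
```

In practice the input would be the instance records from an actual DescribeInstances call (or the instance-state-change events the account emits), run on a schedule or on each launch, with any non-empty finding routed to the team's alerting channel; the point is that all three rules fire on the burst at once, which is a much stronger signal than any one of them alone.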
As much as we all work to ensure that our networks remain safe and secure, the fact of the matter is that intrusion protection is almost always reactive as opposed to proactive. Hackers are always finding new ways to break in, and best practices are typically developed in response to recently discovered shortfalls in security.
When managing and securing your infrastructure, build the best defense you can, but don’t forget to plan for when those defenses fail. Ensure that you’re monitoring your AWS infrastructure in real-time, and choose a security partner that offers proactive notification via integrations with multiple ticketing and communication channels.
If you would like to know more about securing your infrastructure, while ensuring it remains optimized and compliant, visit the Cloud Conformity website and set up a demo or sign up for a free trial. Don’t let your organization’s EC2 mine for someone else’s Bitcoin.