It’s been a busy few months for those tracking cybersecurity breaches. Considering that this quarter alone has seen headlines for British Airways identifying additional victims behind its already significant breach, Facebook’s massive messaging leak and Yahoo’s significant payout related to earlier data breaches, there are plenty of high profile cases that reinforce the importance of good cybersecurity when operating on the web.
But these are just the tip of the iceberg that security researchers have started to identify. As an example, there’s a great piece of research relating to Docker API’s being exploited to run crypto-mining operations. I find this particular breach interesting because it’s a great demonstration of the “perfect storm” of technologies that make future attacks more likely.
First of all, Docker’s ease of use has made it possible for rapid deployment and expansion of the increasingly complex web applications that drive bleeding edge technology companies. For many web technologies, the main barrier for entry is making it easy enough for anyone to use, and Docker has certainly captured the imagination of those seeking to get into DevOps and improving services.
Unfortunately, once a technology reaches a certain level of popularity, it suddenly becomes much more of an interesting target for cyber-villains.
API’s and interconnectivity between applications are a key component of the modern web, too – providing connectivity threads that are critical pipelines for delivering interconnected services. These APIs, however, also offer a new opportunity for exploits – especially when they’re misconfigured.
Finally, one of the big trends we’ve seen recently is a move away from ransomware and towards cryptocurrency mining.
Whilst ransomware was easily one of the largest growth areas in security attacks last year and relatively easy to employ as a mechanic for profiting from an attack, it was an approach that left the attacker at risk since they typically required direct end-user interaction to make payments to the thief. Crypto-mining, on the other hand, especially on server infrastructure, can often go over-looked and operate for some time without anyone noticing.
A subtle attacker can get away with large scale, low key operations over time without users being made aware. (I often liken this to the idea that whilst bank heists will often make the headlines, the reality of theft is typically medium to small value goods that are less likely to arouse the suspicion of security services until it’s too late.)
Requiring little additional exploration, (Although, if successful, a cleverly designed attack could easily expand and grow very rapidly.) these type of attacks need be dependent on significant misconfigurations, either. Just one weakness can be enough to allow for attackers to get their foot in the door, and that’s probably enough for them to achieve their goals.
And even if crypto-mining operations are caught quickly, a smart thief will likely have still been able to grab some useful ransom information along the way from any insecure data-stores within the infrastructure they’ve been exploiting. Having a “backup” method of profiting from an attack means attackers are no longer forced to be “all in” on a single method to take advantage of a successful exploit.
With more methods than ever to make money out of the successful penetration of a network, an ever increasing range of ways to achieve entry and simply more things for them to attack due to the popularity of internet facing technology, it’s becoming more profitable for attackers to operate – and that means we’re likely to see more security incidents going forward.
Not all of these breaches will make the headlines, but I’d be very surprised with the aforementioned storm clouds becoming a permanent weather feature for those charting a course online that we don’t see regular news of further hacks over the years to come. Now, more than ever then, it’s important to remain proactive and up-to-date with your security solution so your business isn’t the next victim.