At least two multi-billion-dollar companies have been hacked in order to use their Amazon Web Services (AWS) computing resources to mine Bitcoins.
Hackers were able to access Amazon’s cloud servers after finding that their Kubernetes administrative consoles were not password protected – making them, in essence, open to the public. Kubernetes is an open-source technology created by Google which automates the deployment, scaling and management of containerised apps.
“Upon deeper analysis, the team discovered that hackers were executing a Bitcoin mining command from one of the Kubernetes containers,” said a report from cloud security company RedLock. “The instance had effectively been turned into a parasitic bot that was performing nefarious activity over the internet.”
The two companies named by RedLock as being compromised are Aviva and Gemalto, both of which have been notified about the issue. The security firm also found that a number of Kubernetes consoles on Microsoft Azure and Google Cloud were also not password protected, on top of those on AWS.
In this instance, hackers exploiting the lack of protection for Bitcoin mining purposes should come as some relief to the companies. These hackers weren’t looking to steal data or find other information within their systems, so it could’ve been a whole lot worse.
Join us at the 2017 Effective Mobile Marketing Awards Ceremony, taking place in London on Thursday 16 November, to mix with the industry's best and brightest, and raise a glass to the year's best campaigns and solutions. To find out more, and to book your place, click here.