View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Cloud Cryptojacking Affecting 25% of Organisations

Cloud cryptojacking is rampant, warns RedLock

By Shrina Gohil

A quarter of all businesses are suffering from cloud “cryptojacking”, according to new research from information security company RedLock this week, with their computing resources being hijacked to mine cryptocurrencies.

The cloud security specialists advised businesses to implement a ‘deny all’ default outbound firewall policy and closely monitor network security to stay ahead of suspicious traffic involving cryptomining activity.

Chris Doman, security researcher at AlienVault told Computer Business Review: Most of these attacks are opportunistic – the attackers scan the internet for vulnerable systems in any environment, many of which are with cloud providers”.

The report comes after RedLock also found that poor cloud storage configuration is rampant, 51 percent of businesses including names like Deep Root Analytics, FedEx and Under Armour all having inadvertently exposed at least one cloud storage service.

Mitigations to Cryptojacking Risks

In a past report, RedLock also discovered specific hacker infiltrations in Tesla, Aviva and Gemalto public cloud environments to mine cryptocurrency and there is evidence that attackers are now using advanced intrusion schemes.

Some 43 percent of all organisations still have not administrated cloud access keys in more than 90 days, a high level risk to exposure. Luckily, only 20 percent of organisations only allow the root user account (administrator) to execute activities, a significant drop from the 73 percent reported in a past report.

“Cloud computing environments bring tremendous flexibility and great economies of scale, but those advantages are meaningless without top-level security”, explained Gaurav Kumar, CTO of Redlock.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

In relation, another explanation by Redlock explains companies should ensure cloud resources are automatically discovered and constantly monitored for compliance across all cloud environments to maintain robust cloud security.

The amount of effort cloud providers put into maintaining and securing the services, the odds of detecting an intrusion and understanding how data would be separate from other users of the service are all important factors in securing cloud services, demonstrated by the National Cyber Security Centre (NCSC).

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.