What are you Securing
One of the hottest investments and hottest brands on the planet over the past couple of years has been Tesla. Growth in the value of Tesla has propelled Elon Musk to be the richest man on the planet (at least on paper). Imagine if you were able to get the inside track on Tesla, to have sight of their greatest secrets. In June 2019, Tesla Motors was reported to have been hacked, yet no commercial secrets were stolen and no damage was done. So, what happened and why?
If someone managed to virtually break into Tesla and they did not access what could have been incredibly valuable trade secrets, then what did they really want?
The cloud presents new opportunities for criminals. With the public cloud, you have a public doorway and a lock. If you do not lock the door properly, people will come and help themselves. We regularly read of accidental exposure of data from the public cloud or from hackers stealing data. Organisations are getting wiser and locking the door (or at least only allowing in whom they want).
Now a new form of theft is occurring: not theft of data, not sabotage, but simply theft of compute time. Crypto miners are always hungry for compute cycles (the process of mining crypto is estimated to consume about 91 TWh of electricity per year, which is more than Finland consumes).
Back to Tesla: the thieves were there purely to steal CPU cycles (and, by extension, electricity). They were not interested in some of the most valuable commercial secrets on the planet; indeed, there was debate as to whether the hackers even knew this was Tesla’s account!
They had not come in through the front door (terminal access, web servers or a cloud storage bucket); instead, they had gained access via the console. This gave them the ability to create new virtual machines and consume other resources.
The cloud is someone else’s computer. No matter what you do with it, you should always remember you are renting space on someone else’s computer.
Two kinds of loss follow from that. First, and most obviously, there is potential data loss, which could lead to direct or indirect monetary loss.
Secondly, there is reputational damage. More insidious are the hackers who do not want your data and do not want to damage you; they simply want to steal CPU cycles. You cannot prove that they did no damage and stole no data, so the potential for reputational damage is great, especially in industries where confidentiality is paramount.
Securing your access to someone else’s computer requires more than watching the front door (the web services, the data buckets). Even where there is no data that could be compromised, access should be fully secured and potential intrusion looked for. Examine, too, the accounts where you consider the risk of loss to be low (e.g. an experimental account with no valuable data or code): a media frenzy around one of those could still create a reputational loss.
Consider regular checks of audit and billing information so that unusual activity is identified. Many enterprise monitoring packages can alert on unusual activity (where network traffic or CPU usage deviates from its normal pattern). Use these to spot this new threat.
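As an added example (not from the article), here is the kind of check the paragraph above describes, run over constructed billing and audit data: a trailing median/MAD baseline flags days whose compute hours jump far above the account's norm, and a second check flags VM launches in regions or instance families the account does not normally use. The account name, regions, instance types and thresholds are assumptions.

```python
"""Spot cryptojacking-style compute theft from billing and audit data.
Added example, not the article's code. Data is constructed: a daily billing
feed of compute hours per account and a few audit-log VM launch entries."""
from statistics import median

# Constructed billing feed: (day, account, compute_hours)
BILLING = [
    ("2021-09-01", "lab-experimental", 24.0),
    ("2021-09-02", "lab-experimental", 26.0),
    ("2021-09-03", "lab-experimental", 23.0),
    ("2021-09-04", "lab-experimental", 25.0),
    ("2021-09-05", "lab-experimental", 27.0),
    ("2021-09-06", "lab-experimental", 24.0),
    ("2021-09-07", "lab-experimental", 310.0),  # miners spun up overnight
    ("2021-09-08", "lab-experimental", 420.0),
]
# Constructed audit log: (timestamp, account, principal, region, instance_type)
LAUNCHES = [
    ("2021-09-06T09:12Z", "lab-experimental", "alice", "eu-west-1", "m5.large"),
    ("2021-09-07T02:41Z", "lab-experimental", "svc-deploy", "us-east-2", "p3.16xlarge"),
    ("2021-09-07T02:43Z", "lab-experimental", "svc-deploy", "us-east-2", "p3.16xlarge"),
]

def compute_anomalies(records, window=5, k=5.0):
    """Return (day, account, hours) rows far above the account's trailing median.
    The baseline uses median and MAD, so a single spike does not lift it."""
    history, flagged = {}, []
    for day, account, hours in records:
        past = history.setdefault(account, [])
        if len(past) >= window:
            recent = past[-window:]
            base = median(recent)
            mad = median(abs(x - base) for x in recent) or 1.0
            if (hours - base) / mad > k:
                flagged.append((day, account, hours))
        past.append(hours)  # the spike still enters history; MAD dampens it
    return flagged

def unexpected_launches(events, allowed_regions, allowed_families):
    """Return launches in a region or instance family the account never normally uses."""
    return [e for e in events
            if e[3] not in allowed_regions or e[4].split(".")[0] not in allowed_families]

if __name__ == "__main__":
    for row in compute_anomalies(BILLING):
        print("billing anomaly:", row)
    for ev in unexpected_launches(LAUNCHES, {"eu-west-1"}, {"m5", "t3"}):
        print("unexpected launch:", ev)
```

In practice the billing feed would be the provider's daily cost export and the launch events its audit trail; the two checks complement each other because a launch alert fires hours before the billing line catches up.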
Finally, speaking of the media, you should consider your media response strategy for these cases as well. The mere mention of a major company losing control of its cloud access does not play well, even if there was no damage. The loss of reputation can be far more damaging than any direct impact.