Potential Cloud-Native Cryptomining Attack

This alert occurs when Lacework detects unauthorized cryptocurrency mining on your cloud-native infrastructure.

Why this Alert is Important

A cryptomining attack presents its own set of cybersecurity challenges, and it often indicates broader weaknesses in your security posture, since the attacker first had to gain access to your environment.

Investigation

To determine your organization's exposure to cryptocurrency mining attacks, check for the following weaknesses, which are the ones attackers most commonly exploit:

  • Weak password or no password for user accounts
  • Vulnerabilities in third-party software
  • Misconfigurations in your cloud-native environment or in third-party applications that you're running on your cloud-native environment
  • Leaked credentials, such as service account keys published in public GitHub repositories
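Alongside the exposure review above, corroborate the alert against the flagged host's own process and connection telemetry. The following is an added example, not Lacework's detection logic: a small rule-based check that scores constructed process records against three indicators (a stratum mining-pool URL on the command line, a connection to an assumed watchlist of common pool ports, and a CPU-hot binary running from a temporary directory) and only reports a process when at least two indicators match, so a legitimate CPU-heavy job is not flagged on its own.

```python
import re

# Constructed sample telemetry (not real data): one record per observed process.
SAMPLE_EVENTS = [
    {"host": "web-1", "exe": "/usr/sbin/nginx", "cmdline": "nginx: worker process",
     "cpu_pct": 12.0, "remote": ["10.0.0.5:443"]},
    {"host": "web-1", "exe": "/tmp/.x/kworkerds",
     "cmdline": "/tmp/.x/kworkerds -o stratum+tcp://pool.example.invalid:3333 -u WALLET",
     "cpu_pct": 97.5, "remote": ["203.0.113.10:3333"]},
    {"host": "batch-2", "exe": "/usr/bin/python3", "cmdline": "python3 train.py",
     "cpu_pct": 99.0, "remote": []},
    {"host": "batch-2", "exe": "/dev/shm/.s/m", "cmdline": "/dev/shm/.s/m --config=cfg.json",
     "cpu_pct": 92.0, "remote": ["198.51.100.7:14444"]},
]

# Miners usually take their pool endpoint as a stratum+tcp:// or stratum+ssl:// URL.
STRATUM_RE = re.compile(r"stratum\+(tcp|ssl)://", re.IGNORECASE)
# Assumed watchlist of ports commonly used by public mining pools; tune for your environment.
POOL_PORTS = {3333, 4444, 5555, 7777, 14444}
# Directories a legitimate long-running service binary should rarely execute from.
ODD_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")
CPU_THRESHOLD = 90.0


def assess(event):
    """Return the names of the indicators matched by one process record."""
    hits = []
    if STRATUM_RE.search(event["cmdline"]):
        hits.append("stratum_url")
    ports = {int(addr.rsplit(":", 1)[1]) for addr in event["remote"]}
    if ports & POOL_PORTS:
        hits.append("pool_port")
    if event["exe"].startswith(ODD_DIRS) and event["cpu_pct"] >= CPU_THRESHOLD:
        hits.append("hot_process_in_temp_dir")
    return hits


def find_suspects(events, min_hits=2):
    """Report (host, exe, hits) for records matching at least min_hits indicators."""
    suspects = []
    for ev in events:
        hits = assess(ev)
        if len(hits) >= min_hits:
            suspects.append((ev["host"], ev["exe"], hits))
    return suspects


if __name__ == "__main__":
    for host, exe, hits in find_suspects(SAMPLE_EVENTS):
        print(f"{host}: {exe} matched {', '.join(hits)}")
```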

Resolution

Attackers can exploit unguarded or mismanaged accounts to gain access to your Compute Engine resources. Implement the following best practices to lower your risk of a cryptomining attack:

  • Restrict access to your cloud environment
  • Set up MFA or 2FA
  • Configure least privilege
  • Monitor accounts
  • Reduce internet exposure of your Compute Engine and container resources by restricting external traffic, using service perimeters, and setting up zero trust security
  • Secure your Compute Engine and container resources by hardening your VM images, securing SSH access to VMs, restricting service accounts, and monitoring usage of service accounts and service account keys
  • Rotate encryption keys regularly and avoid downloading secrets