Following the news that L.A. Times website was injected with Monero cryptocurrency mining script, IT security experts commented below.
Carl Wright, Chief Revenue Officer at AttackIQ:
“Once again, hackers took advantage of a misconfiguration to inject mining script – this time the attackers went after the L.A. Times website. Like other organizations, the fallout from this attack could seriously damaging the site’s reputation, credibility and revenue streams. It’s another all too common tale for organizations– and it could have been avoided. The attack surface has significantly expanded for many enterprises – without any guarantee of uniform security controls and processes. Consequently, it’s even more imperative that organizations assume attackers are constantly testing security controls for misconfigurations. If organizations are not continuously validating their security controls at this stage of the game they are going to end up a headline. How many more epic failures that could have been prevented will it take before people start testing? This is seriously getting ridiculous.”
Zohar Alon, Co-Founder and CEO at Dome9:
“Last year, we saw a spate of breaches where hackers went after valuable data in the public cloud. But data is not the only valuable asset in the cloud. Now we’re starting to see hackers steal compute cycles for crypto mining. By flying under the radar, these illegal mining operations can go undetected for months, racking up the public cloud bill and costing millions.”
.
.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.