Atlassian thwarts bitcoin mining attack on Kubernetes environment

iTnews | March 29, 2019

Atlassian thwarts bitcoin mining attack on Kubernetes environment
Attacker sought to exploit free tier of CI/CD service. Atlassian has revealed how it stopped a bad actor from exploiting free build minutes in its Bitbucket Pipelines service to mine cryptocurrency. The Australian software maker did not say when the attempted bitcoin mining abuse incident occurred, but indicated that it had been able to contain the attack within 15 minutes of it starting. Bitbucket Pipelines is an integrated continuous integration and continuous delivery (CI/CD) service within the Bitbucket code repository that provides a way to move code from development into production. New builds run inside Docker containers on Atlassian’s Kubernetes-based infrastructure. Bitbucket Pipelines has a free tier which includes 50 build minutes a month - machine time that the attacker tried to exploit. “We offer Bitbucket Pipelines to the public where any developer hosting their code in Bitbucket can quickly set up a build pipeline from a simple YAML file to continuously integrate, build, and deploy their code,” Atlassian’s Kubernetes platform lead Corey Johnston said.

Spotlight

This paper details to IT leadership the importance of cyber resilience in the face of evolving cyber threats. It defines the state of cyber resilience and the importance of security intelligence in achieving it. Finally, it paints a picture of the future of security.

Related News

DATA SECURITY

Evolution Equity Partners Expands Focused Investment Platform for Cybersecurity

prnewswire | December 23, 2020

In 2020, Evolution activated a $250m Fund after fully investing a $125m Fund in 2019 and increased AUM to over $675m. The firm completed 8 investments this year including: Quantexa – London based market leader in financial crime detection and real time AML/KYC. $56m Series C Round led by Evolution. Unbound Technologies – New York City/Tel Aviv based market leader in secure multi-party computation and cryptographic keys. $20m Series B Round led by Evolution. Awake Security – Palo Alto based leading network security platform. $36m Series C Led by Evolution. (Stealth Company) – London based Quantum cybersecurity company. Early-stage financing led by Evolution. Existing portfolio companies raised follow on rounds of financing in 2020 including: DefinedCrowd – Seattle based AI/ML data platform leader. Panaseer – London based continuous control monitoring cybersecurity leader. Onapsis - Boston based application cybersecurity leader. Logpoint – Copenhagen based security incident and event management (SIEM) leader. CounterCraft – London based cyber deception and threat intelligence platform. Evolution cybersecurity portfolio companies growth news: Security Scorecard – Security Scorecard Accelerates on Pathway to 20 million Rated Companies Truefort – Winner of 2020 Red Herring Top 100 North America Award DFLabs – IncMan SOAR SaaS Cloud Platform Drives Growth Richard Seewald, Founder & Managing Partner at Evolution, stated: "In 2020 Evolution continued to add talent and assets to a team of leading cybersecurity investors and company builders while partnering with trailblazing software companies expanding in global markets. As we look to 2021, there are a unique set of conditions that set the stage for cybersecurity entrepreneurs to make meaningful impact protecting critical infrastructure in cyberspace. Evolution is privileged to be partnering with these great companies." Awards Among many notable accolades awarded in 2020 to Evolution and our portfolio, we are pleased to be working with some of the fasted growing cybersecurity and enterprise software companies in the world. Platform Expansion Evolution launched a London office to compliment Palo Alto, New York City and Zurich and added professionals to expand the platform of expertise that serves portfolio companies. The firm has 15 investment professionals including two recent hires: Ollie Bone, Associate – Prior to joining Evolution, Ollie led venture scouting for global corporates in defense, manufacturing and consulting. He ran an accelerator program for cybersecurity scaleups building a UK and global support network for founders where he worked with leading cybersecurity companies. Eduardo Martinez, Associate – Eduardo is an associate at Evolution Equity Partners focused on sourcing and monitoring investment opportunities across the technology sector. He is in charge of portfolio management and reporting, performing valuation analysis and due diligence of investments.

Read More

DATA SECURITY

Strong customer growth and recruits continue to increase security Notable security sales executive to scale rapid expansion

businesswire | December 17, 2020

Elevate Security, the first human risk management platform of its kind, today announced the appointment of security sales expert, Carolyn Hieken as Vice President of Sales to join its executive leadership team. Hieken will spearhead Elevate Security’s strategic growth objectives further expanding customer impact to improve the way security teams measure, communicate and reduce employee risk. “Carolyn is a powerhouse and brings more than 25 years of security and technology sales experience to Elevate Security,” said Robert Fly, CEO, Elevate Security. “Her proven expertise in developing Fortune 1000 enterprise partnerships and growing teams is the exact talent we needed to expedite Elevate Security’s expansion.” Elevate Security recruits Hieken on the heels of a successful series A1 investment round. Despite the COVID-19 pandemic, Elevate Security has doubled its customer base since the beginning of the year. As Elevate Security achieves continued customer growth, so does the company’s measurable impact on security resilience - Elevate Security reported influencing more than two million positive security decisions across the installed base resulting in prevented incidents and proven improvement to cyber resilience. “Elevate Security is solving the security industry's greatest challenge which presents tremendous expansion opportunities. The Elevate Security team has established solid success to-date, and I am excited to further scale and accelerate our impact to help more organizations optimize their security technology spend, reduce employee risk and improve their overall cyber resilience,” said Hieken. Hieken brings more than 25 years of technology and security expertise to the Elevate Security team with previous leadership roles at McAfee, Imperva and CA Software. About Elevate Security Elevate Security, the leader in Human Risk Management software, helps security leaders in enterprises measure, reduce and communicate human risk to keep their companies safe from cyber threats. One of the most challenging aspects of building a cybersecurity program is the human risk component. Elevate Security provides a way to quantify this human risk across the entire organization using security incident data that is already available. Quantifying human risk and analyzing it as part of an overall cyber risk framework provides unique insights to the Chief Information Security Officer (CISO). Armed with this insight, CISO’s are in a much better position to optimize their security technology spend, focus their monitoring and detection capabilities on the high risk groups and strengthen their overall cyber defense strategy. Medium and large enterprises across industries, from financial services, technology, healthcare and more, have benefited from increased cyber resilience by incorporating Elevate Security into their security infrastructure.

Read More

Cisco to Secure Its Blockchain-as-a-Service (BaaS) Platform for enterprise security

Cisco | June 10, 2020

Cisco has done some work on its own enterprise blockchain tools, the networking firm is also using blockchain internally. Cisco’s StealthWatch Cloud will be embedded in the enterprise blockchain platform offered by Lambda 256. The StealthWatch solution uses machine learning and behavioral modeling to respond to cybersecurity threats. South Korea’s Lambda 256 has partnered with Cisco for the security of its Blockchain as a Service (BaaS) platform, Luniverse. Cisco’s StealthWatch Cloud will be embedded in the enterprise blockchain platform offered by Lambda 256. The StealthWatch solution uses machine learning and behavioral modeling to respond to cybersecurity threats. Luniverse supports Hyperledger Fabric in its BaaS hosting offering. Even though this offering is enterprise focused, the company’s heritage is in the cryptocurrency sector. Lambda 256 is part of Dunamu, which operates the Upbit crypto exchange and also a venture investment fund with ten blockchain investments. While Cisco has done some work on its own enterprise blockchain tools, the networking firm is also using blockchain internally. Four months ago, it partnered with NEC to use blockchain to ensure the authenticity of its networking equipment and make sure software is not tampered with. Cisco is also a participant in the Trust Your Supplier offering from Chainyard to manager supplier qualifications. Other members include IBM, Lenovo and Nokia. Read more: CISCO'S 6 UNPATCHED INTERNAL SERVERS COMPROMISED While most technologies aim to improve enterprise and societal problems, blockchain technology could stand out given its transparency and security while remaining decentralized and inclusive. ~ Cisco Much has been written about blockchain’s potential as well as its unfulfilled promises. While blockchain is distributed and secure, verifying transactions through the network can be slow. As observers have indicated, blockchain could change industries, from finance to healthcare. From its origins as an airtight validation mechanism for bitcoin, a digital currency, enterprise blockchain technology has made its way into a range of industries, as it secures any valued digital asset. It does so by recording digital asset transactions—payments, medical records, votes, and potentially many other things. Blockchain is seen as immutable and secure because the permanent, append-only ledger is distributed among blocks across many physical storage nodes. Code can be embedded in the blockchain to customize its security and behavior even further. The result is a network of nodes that can locate relevant data – but that is protected from malicious hackers, because the hack would have to solve every hash solution in the chain–and the hash solutions are all spontaneous. It's easy to see how the complexity of the security rules outlined above, computationally intensive as they are, would make a blockchain as slow as molasses–and most are. Early blockchains could manage only one or two transactions per second, and even today, five to seven transactions per second is considered blindingly fast. That's a deal breaker in many scenarios. Conceptually, a blockchain is a decentralized, distributed network. In practice, however, since every node in the network is aware of every transaction, a consensus protocol is required–and that forces a tradeoff between decentralization and low transaction throughput. The methodologies emerging for scenario-specific blockchain implementation inevitably add a layer of complexity to an already complex undertaking. This complexity is the cost of doing business for a technology that swings for the fences quite assertively in an Internet-driven world, rife with security threats and infrastructural compromise. But any enterprise capable of wrestling with the intricate elegance of blockchain in the first place should be up to that task, and should reap game-changing rewards. Read more: GOOGLE TOP CHOICE FOR CYBERCRIMINALS FOR BRAND-IMPERSONATION SPEAR-PHISHING CAMPAIGNS

Read More

Spotlight

This paper details to IT leadership the importance of cyber resilience in the face of evolving cyber threats. It defines the state of cyber resilience and the importance of security intelligence in achieving it. Finally, it paints a picture of the future of security.