The high cost of unqualified DevOps: Global crypto helps hits businesses

Cloud workloads running these tools are especially risky. Once compromised, the attacker exerts important computing power, resulting in unexpected cloud billing and slower application performance. Some affected nomadic clusters manage hundreds of customers, proving that even simple misconfigurations can be masked even by large, well-funded businesses.

Lock DevOps exposure

Wiz urges organizations to lock in exposed DevOps infrastructure by following identified best practices. For Nomad, executing an access control list (ACL) will prevent unverified jobs used in the activity from being executed. Public GITEA instances should be completely patched, disable the GIT hook and lock the installation unless absolutely required.

In consul, disabling script checking and binding the HTTP API to Localhost prevents unauthorized service access. As for Docker, the API is designed to keep it internal – exposing it to the Internet, especially through 0.0.0.0, opening up a straightforward path for development. Minimizing external exposure, enabling authentication and applying minimal privileged access across all tools are key steps to stop similar attacks in tracks.