On December 14th the 1st tournament of the 3rd season of the Cyber Fortress League was repeated. The CFL teams already knew that the Attack on a digital service provider scenario would be repeated. The gameplay scenario was based on an attack aimed at taking over cloud resources and then using them to mine cryptocurrencies.
The teams impersonated a large company, which, according to the Act on the National Cybersecurity System, is a provider of digital services. The Act imposes a number of obligations on digital service providers, the most important of which is the organization of the service provided using such technical and organizational measures that enable risk management to which IT systems used to provide services are exposed and guarantee cyber security. For non-compliance with UKSC requirements, a digital service provider may be fined from PLN 15,000. This company uses cloud services from other providers, which it uses to create and share websites that also process customers’ personal data. The task was to protect infrastructure in the cloud and customer data.
The attackers gained access to cloud resources, possibly exploiting an unsecured Kubernetes cluster dashboard. The Kubernetes container was used to mine cryptocurrencies. The attackers probably also obtained credentials for the S3 bucket and the data contained therein.
You can find the leaderboard soon in the Season 3 Leaderboard tab.