Google warns users that hackers are using cloud accounts poorly set up to mine cryptocurrency.
The computationally demanding activity of cryptocurrency mining can be very time-consuming. Google Cloud customers have access to it for a fee. Miners can hack Google Cloud accounts, however, for mining purposes.
In the report titled “Threat Horizons,” Google’s cybersecurity team assessed various threats to Cloud users, providing details of the breaches.
Data Shows Crypto Hacks And Fraud In 2021 Are On Track For A New Record| Data Shows Crypto Hacks And Fraud In 2021 Are On Track For A New Record
Cloud users also received cybersecurity threat intelligence from the report. The aim is to enable them “better configure their environments and defenses in manners most specific to their needs.”
Crypto miners hacking Google Accounts
The report was compiled by the cybersecurity team, which analyzed 50 compromised Google Cloud accounts. The report found that 86% of the compromised Google Cloud accounts were connected to crypto mining. “Malicious actors were observed performing cryptocurrency mining within compromised Cloud instances,” Google wrote.
Similar Reading: Ethereum Miner Revenue outpaces 2021| Ethereum Miner Revenue Outpaces Bitcoin In 2021
In addition, it was revealed that the hacker downloaded the crypto-mining software within just 22 seconds in most of the incidents. It was impossible to manually stop the attacks because they were scripted. In 10% of the cases, hackers also scanned publicly accessible resources online to find vulnerable systems. They also targeted other targets in 8 percent of cases.
According to the cybersecurity team however, these hacks weren’t the only attack.
“The cloud threat landscape in 2021 was more complex than just rogue cryptocurrency miners, of course,” wrote Bob Mechler, Google Cloud Director of the office of the Chief Information Security Officer, and Seth Rosenblatt, Google Cloud Security Editor, in a blog post.
Google Cloud users are also at risk
The team also identified a Russian group known as APT28 or Fancy Bear that was conducting phishing attacks. In a massive phishing attack, the attackers stole 12,000 Gmail account passwords. They tried to convince users to give their login details. Google claimed that it has blocked all phishing emails and that no one was compromised.
Also, the report pointed to an attack on a North Korean government-backed organization. They posed as Samsung recruiters to send fake job openings to South Korean security personnel. A malicious link was attached to the malware that is stored on Google Drive. Google claimed that it had also blocked it.
Another threat to cloud users is ransomware attacks, whereby hackers encrypt users’ data until they pay. Google refers to the Black Matter ransomware network in the report. Google remains cautious, even though the group had announced its closure earlier in this month. “Google has received reports that the Black Matter ransomware group has announced it will shut down operations given outside pressure. Until this is confirmed, Black Matter still poses a risk.”
Global crypto market valued at $2.4 Trillion. Source: TradingView.com Crypto Total Market Cap| Source: Crypto Total Market Cap from TradingView.com
Google attributes some of these attacks to users’ poor security practices. There are also security holes in third-party software users may have installed.
This report recommends several ways that you can prevent attacks like these. The report recommends enabling 2-factor authentication.
Featured Image by Dreamstime. Chart from TradingView.com