Google has cautioned that cryptocurrency miners are using compromised Google Cloud accounts for computationally intensive mining.
In a report published Wednesday, the search giant’s cybersecurity team detailed the security compromise. The so-called “Threat Horizons” report attempts to give enterprises intelligence that enables them to secure their cloud systems.
According to Google, 86% of 50 assessed incidents involving the Google Cloud Platform (GCP) were tied to crypto mining. The hackers used the breached Cloud accounts to gain access to the CPUs or GPUs of individual users in order to mine tokens, or to take advantage of storage space when mining currencies on the Chia Network.
Sitting duck
However, Google’s team claimed that many of the attacks were not restricted to a single destructive action, such as crypto mining, but also served as staging areas for future intrusions and the identification of other vulnerable systems.
The cybersecurity team determined that the perpetrators typically got access to Cloud accounts as a result of “poor customer security procedures” or “weak third-party software.”
Additionally, the team identified the following threats: Russian state hackers attempting to obtain users’ passwords by warning them that they have been targeted by government-backed attackers; North Korean hackers masquerading as employment recruiters from telecoms companies; and the application of heavy encryption in ransomware attacks.
Extra layer of protection needed
“Mining” refers to the process of regulating and verifying blockchains, such as those that underpin cryptocurrencies, a process that needs a substantial amount of computational power.
“Malicious actors were detected mining cryptocurrencies within compromised Cloud instances,” Google stated in the report’s executive summary.
Google also said that more than 80% of 50 recent intrusions and thefts involving its cloud computing service were used to conduct cryptocurrency mining.
Google recommends that its cloud clients use two-factor authentication (an additional layer of protection on top of a generic user name and password) and enroll in the company’s Work Safer security program.