Google warns users of malicious actors using its Google cloud platform to mine cryptocurrency. In its latest cloud threat intelligence report called “Threat Horizon”, which provides users with security insights, the company informed that 86% of the infected instances on the Google Cloud platform were used to mine cryptocurrency. Most accounts under attack use weak passwords or no passwords at all.
Google Cloud is used to mine cryptocurrency
The software giant Google is alerting users to malicious actors who use compromised Google Cloud accounts to mine cryptocurrencies. Google Cloud accounts have access to processing power that can be easily redirected to perform malicious tasks. According to Google’s first “Threat Horizon” report to raise awareness of its platform’s security vulnerabilities, 86% of stolen accounts were used for this purpose.
The report pointed out that cryptocurrency mining in the cloud can lead to high utilization of CPU and/or GPU power. It also refers to the mining of alternative cryptocurrencies such as Chia, which use storage space as a mining resource.
Causes and mitigation measures
The first reason that the checked Google Cloud instance is compromised is poor security due to different issues. One of the problems is that the password to access the platform is weak or non-existent, or the instance lacks API authentication. If basic security measures are not applied, malicious actors can easily control these platforms. Other cloud platforms also face similar problems.
Most research cases downloaded cryptocurrency mining software less than 22 seconds after being hacked. This indicates that there are systematic attacks on these unsafe instances whose sole purpose is to use them for this purpose. In addition, given that 40% of unsafe instances were compromised within 8 hours of deployment, malicious actors appear to be actively tracking these unsafe Google instances. Google said:
This means that the public IP address space is regularly scanned for vulnerable cloud instances. This is not a question of whether a vulnerable cloud instance is detected, but a question of when.
In order to reduce these risks, the report recommends that users follow basic best security practices and implement container analysis and network scanning. These tools will use different techniques (such as crawling) to detect system security vulnerabilities.
What do you think about malicious actors using Google Instances to mine cryptocurrency? Tell us in the comments section below.
Image Source: Shutterstock, Pixabay, Wikimedia Commons
Disclaimer: This article is for reference only. It is not a direct offer or invitation to buy or sell, nor is it a recommendation or endorsement of any product, service or company. Bitcoin.com does not provide investment, tax, legal or accounting advice. The company or the author is not directly or indirectly responsible for any damage or loss caused or claimed to be caused by using or relying on any content, goods or services mentioned in this article.