Hackers are now using compromised cloud accounts to mine cryptocurrency
Google recently warned users in a report that attackers are using improperly configured cloud accounts to mine cryptocurrency.
Cryptocurrency mining is a computationally intensive activity, and Google Cloud customers can access that computing power for a fee. However, miners are now breaking into Google Cloud accounts to mine.
In the report entitled “Threat Horizon,” Google’s cyber security team assessed various threats to cloud users and provided detailed information on violations.
The report also provides cyber security threat intelligence to cloud users. The goal is for them to “better configure their environment and defenses in a way that best suits their needs.”
Crypto miners hacked into Google accounts
In the report, the security team analyzed 50 Google Cloud accounts that were recently compromised. Among them, 86% were related to cryptocurrency mining. “Malicious actors were observed to conduct cryptocurrency mining in infected cloud instances,” Google wrote.
The report also pointed out that in most such incidents, hackers downloaded crypto mining software to infected accounts within 22 seconds. These attacks are scripted and it is impossible to stop them manually. In addition, in 10% of these incidents, hackers scanned other publicly available resources on the Internet to identify vulnerable systems. In 8% of cases, they attacked other targets.
However, as the security team reported, crypto mining is not the only threat.
“Of course, the cloud threat landscape in 2021 is not just about rogue cryptocurrency miners,” wrote Bob Mechler, Google Cloud Director of the Office of the Chief Information Security Officer, and Seth Rosembra, the Google Cloud Security Editor, in a blog post.
Other threats to Google Cloud users
Another threat the team discovered was a phishing attack launched by a Russian organization called APT28 or Fancy Bear. The attackers targeted 12,000 Gmail accounts for large-scale phishing. They tried to trick users into handing over their login details. However, Google stated that it has blocked all phishing emails and no users have been compromised.
The report also pointed to an attack by a group supported by the North Korean government. The hacker organization impersonated Samsung recruiters and sent fake job opportunities to employees of South Korean information security companies. They attached malicious links to malware stored in Google Drive. Google said it blocked this attack as well.
Another threat to cloud users is ransomware, where hackers encrypt users’ data until they make a payment. In the report, Google mentioned the powerful Black Matter ransomware organization. Although the group announced its closure earlier this month, Google remains cautious. “Google has received reports that the Black Matter ransomware organization has announced that it will shut down operations under external pressure. Until this is confirmed, Black Matter remains at risk.”
Google blamed some of these attacks on users’ poor security practices and on vulnerabilities in third-party software installed by users.
The report also recommends several ways to prevent these attacks. One of them is to enable two-factor authentication.