Google warns ‘Malicious Actors’ performing crypto mining using compromised cloud accounts
Horizons” report raising awareness among users and intelligence regarding security weaknesses in its platform.
As per Google around 86% of 50 recently compromised accounts are being used for malicious activity purpose. It also refers about malicious actors using compromised Google Cloud accounts for mining cryptocurrencies Chia, which use storage space as a mining resource.
In the most of studied cases within 22 seconds of the account being compromised, cryptocurrency mining software was being downloaded. Within eight hours of being deployed 40% of the unsecured instances were being compromised.
As per Google this reflects that malicious actor were tracking these unsecured Google instances actively and were systematically attacking these unsecured instances with only aiming to use it for this purpose.
Google Cloud accounts is a remote storage platform for users to keep data and files off-site and hence have access to processing power that can be easily redirected to perform malicious tasks. To identify vulnerable systems around 10% of the compromised accounts were also used to conduct scans of other publicly available resources on the internet while 8% of instances were used to attack other targets.
Google states “This suggests that the public IP address space is routinely scanned for vulnerable Cloud instances. It will not be a matter of if a vulnerable Cloud instance is detected, but rather when”. Seth Rosenblatt, security editor at Google Cloud, in a blog post and Bob Mechler, director of the office of the chief information security officer at Google Cloud said, “The cloud threat landscape in 2021 was more complex than just rogue cryptocurrency miners, of course,”
Usually using Google cloud for a fee, users are allowed to do crypto mining which is a for-profit activity that often requires large amounts of computing power. Cloud mining cryptocurrency requires high usage of CPU and/or GPU power.