Cryptocurrency miners using hacked cloud accounts, Google warns

Hackers are using compromised cloud accounts to mine cryptocurrencies, Google has warned.

Details of the mining attack are contained in a report by Google's cybersecurity action team, which identifies hacking threats against its cloud service, a remote storage system where Google stores customers' data and files off-site, and provides advice on how to tackle them.

Other threats identified by the team in its first "threat horizon" report include: Russian state hackers attempting to obtain users' passwords by warning them that they have been targeted by government-backed attackers; North Korean hackers posing as Samsung job recruiters; and the use of heavy encryption in ransomware attacks.

"Mining" is the name of the process by which blockchains, such as those that underpin cryptocurrencies, are regulated and verified, and it requires a significant amount of computing power. Google reported that of 50 recent hacks of its cloud computing service, more than 80% were used to conduct cryptocurrency mining.

Questions and answers

What is blockchain technology?

Blockchain is a digital ledger that provides a secure way to conduct and record transactions, agreements, and contracts. However, uniquely, instead of being kept in one place like the more traditional ledger, the database is shared over a computer network.

This network can encompass just a handful of users or hundreds and thousands of people. The ledger becomes a long list of transactions that have taken place since the beginning of the network, and it grows larger over time.

A blockchain database consists of blocks and transactions. The blocks contain batches of "hashed" and encrypted transactions. Each block contains the hash of the previous block, which joins the two together and forms the chain. This process validates every block, up to the original, and is an integral part of database security.

Blockchain technology has been around for several years; its best known use so far is Bitcoin, the virtual currency. However, the uses of blockchain are not limited to financial transactions, and enthusiasts are looking for other applications for the technology, especially for the types of transactions where there are often disputes or trust issues.

Katherine Purvis

The report said that "86% of compromised Google Cloud instances were used for cryptocurrency mining, a resource-intensive for-profit activity in the cloud," adding that in most cases cryptocurrency mining software was downloaded within 22 seconds of the account being compromised. Google said that in three-quarters of cloud attacks, attackers had taken advantage of poor customer security or vulnerable third-party software.

Google's recommendations to its cloud customers for improving their security include two-factor authentication, an additional layer of security on top of a generic username and password, and enrollment in the company's workplace safety program.

Elsewhere in the report, Google said that the Russian government-backed hacker group APT28, aka Fancy Bear, targeted 12,000 Gmail accounts in a massive phishing attempt, in which users are tricked into giving up their login details. The attackers tried to convince account holders to hand over their details via an email that read: "We believe that government-backed attackers may be trying to trick you into obtaining your account password." Google said it had blocked all phishing emails in the attack, which targeted the UK, US and India, and that user details had not been compromised.

Another hacking ruse pointed out by Google in the report involved a North Korea-backed group of hackers posing as Samsung recruiters and sending bogus job opportunities to employees of South Korean information security companies. The victims were then directed to a malicious link to malware stored on Google Drive, which has now been blocked.

Google said dealing with ransomware attacks, where files and data on a user's computer are encrypted by the attacker until a payment is made for their release, was difficult because heavy encryption "makes file recovery almost impossible without paying for the decryption tool." The report notes the emergence of Black Matter, which it describes as a "formidable family of ransomware."

However, earlier this month, Black Matter said it would close due to "pressure from the authorities." Black Matter's victims include the Japanese tech group Olympus.

Google's report read: "Google has received reports that the Black Matter ransomware group has announced that it will shut down operations due to external pressure. Until this is confirmed, Black Matter still represents a risk."
