Attackers are taking advantage of certain compromised Google Cloud accounts for illegal cryptocurrency mining.
Google has reported that in recent days have discovered a large set of compromised Google Cloud instances in different illegal attacks for cryptocurrency mining, in a series of attacks programmed to carry out this type of operations.
Now illegal cryptocurrency miners are using hacked Google Cloud accounts for computationally intensive mining purposes. Google has provided details about this security breach in a report published a few hours ago.
In the report called Threat Horizons, which aims to provide intelligence that allows organizations to keep their cloud environments safe, they have provided a series of data on how these accounts have been hacked.
Everyone talks about cryptocurrencies but ... do they really contribute something, beyond their status as a commodity to speculate? Let's see what they are for.
From Google they affirm that malicious actors have observed cryptocurrency mining within compromised Google Cloud instances. Google Cloud instances are a collection of virtual machine instances that can be managed as a single entity.
And, as you well know, cryptocurrency mining is often an activity that requires large amounts of energy and computing power that can be accessed by Google Cloud customers at a cost. And it is that many clients use Google Cloud as a remote storage platform.
In the report, Mountain Viewers note that 86% of the 50 compromised Google Cloud accounts were used for cryptocurrency mining. They claim that in these breaches, the mining software was downloaded within 22 seconds after the accounts were breached.
Then approximately 10% of the compromised accounts were used to scan other publicly available resources on the internet, while 8% of the remaining instances were used to attack other targets.
In the report it can be read that it is suggested “that the initial attacks and the subsequent downloads are about programmed events that did not require human intervention. The ability to intervene manually in these situations to avoid exploitation is practically impossible ”.
Google is convinced that cybercriminals exploited multiple Google Cloud IP addresses instead of targeting specific account customers.
