Cybersecurity: Compromised Google Cloud Platform Instances Are Being Used To Mine Crypto
Google has released a new cybersecurity report warning that compromised Google Cloud instances are being leveraged for cryptocurrency mining.
Threat intelligence observations from the Threat Analysis Group (TAG), Google Cloud Threat Intelligence for Chronicle, Trust and Safety, and other internal teams were used to create the “Threat Horizons” report.
According to the research, 86 percent of the compromised Google Cloud instances were used to perform bitcoin mining, a for-profit activity that consumes large amounts of cloud resources, while the remaining hacking operations consisted of phishing scams and malware.
Poor hygiene and a lack of basic control implementation are to blame for many successful GCP attacks. Google also revealed that roughly 10% of compromised Cloud instances were used to scan other publicly reachable resources on the Internet for vulnerable systems, while 8% of instances were used to attack other targets.
“While data theft did not appear to be the objective of these compromises, it remains a risk associated with the cloud asset compromises as bad actors start performing multiple forms of abuse,” the report said.
“Malicious actors gained access to the Google Cloud instances by taking advantage of poor customer security practices or vulnerable third-party software in nearly 75% of all cases.”
According to the search engine giant, 48 percent of instances had weak or no passwords for user accounts or no authentication for APIs, while 26 percent of instances had a vulnerability in third-party software on the Cloud instance.
Furthermore, 12% were attributable to ‘other difficulties,’ another 12% were due to misconfiguration of Cloud instances or third-party software, and only 4% were due to leaked credentials, such as keys published in GitHub projects.
In the compromise of the Google Cloud instances, time was of the essence. The shortest observed interval between deploying a vulnerable, Internet-exposed Cloud instance and its compromise was as little as 30 minutes.
In 40% of cases, the time to compromise was less than eight hours. In 58 percent of cases, the bitcoin mining software was downloaded to the system within 22 seconds of the account being compromised.
“The best defense would be to avoid deploying vulnerable systems or having automated reaction mechanisms,” the paper advised.
The tech giant has advised its cloud customers to improve their security by enabling two-factor authentication, scanning for vulnerabilities, updating third-party software before exposing a Cloud instance to the web, avoiding publishing credentials in GitHub projects, adopting Google’s “Work Safer” product, and much more.
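The report attributes some compromises to credentials leaked in GitHub projects and, among its recommendations, tells customers not to publish credentials there. A simple pre-commit check catches the two most recognisable forms of Google Cloud credential before they leave a developer's machine. The script below is an added example for this article, not code from Google or from the Threat Horizons report; it assumes two well-known formats (Google API keys begin with `AIza` followed by 35 URL-safe characters, and service-account key files are JSON documents with `"type": "service_account"` and an embedded PEM private key) and uses constructed sample files rather than real credentials.

```python
"""Flag Google Cloud credential material in files before they are committed.

Added example, not from the report or Google's own tooling. Assumed formats:
  - Google API keys: "AIza" followed by 35 characters from [0-9A-Za-z_-].
  - Service-account keys: JSON with "type": "service_account" and a PEM
    private key in the "private_key" field.
"""
import json
import re
import sys
from dataclasses import dataclass

API_KEY_RE = re.compile(r"\bAIza[0-9A-Za-z\-_]{35}\b")
PEM_KEY_RE = re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----")


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    kind: str  # the secret value itself is deliberately not recorded


def scan_text(path: str, text: str) -> list[Finding]:
    """Return one Finding per credential indicator found in `text`."""
    findings: list[Finding] = []
    # Whole-document check: a service-account key names its own type, so a
    # downloaded key file is caught even if the PEM block were split oddly.
    try:
        doc = json.loads(text)
    except ValueError:
        doc = None
    if isinstance(doc, dict) and doc.get("type") == "service_account":
        findings.append(Finding(path, 1, "gcp_service_account_key"))
    # Line-level checks for API keys and raw private-key blocks.
    for lineno, line in enumerate(text.splitlines(), start=1):
        if API_KEY_RE.search(line):
            findings.append(Finding(path, lineno, "google_api_key"))
        if PEM_KEY_RE.search(line):
            findings.append(Finding(path, lineno, "private_key_block"))
    return findings


def scan_paths(paths: list[str]) -> list[Finding]:
    """Scan files on disk; unreadable bytes are ignored rather than fatal."""
    findings: list[Finding] = []
    for path in paths:
        with open(path, encoding="utf-8", errors="ignore") as fh:
            findings.extend(scan_text(path, fh.read()))
    return findings


# Constructed sample files standing in for a staged commit (no real secrets).
SAMPLE_FILES = {
    "sa-key.json": json.dumps({
        "type": "service_account",
        "project_id": "example-project",
        "private_key_id": "0000000000000000000000000000000000000000",
        "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n"
                       "-----END PRIVATE KEY-----\n",
        "client_email": "svc@example-project.iam.gserviceaccount.com",
    }),
    # Constructed key-shaped token, 39 characters, not an issued key.
    "settings.py": 'GOOGLE_MAPS_KEY = "AIzaSyExampleConstructedKey0123456789ab"\n',
    "README.md": "Keys are loaded from Secret Manager at runtime; never commit them.\n",
}


def demo() -> list[Finding]:
    """Scan the constructed samples; returns findings for the two bad files."""
    findings: list[Finding] = []
    for path, text in SAMPLE_FILES.items():
        findings.extend(scan_text(path, text))
    return findings


if __name__ == "__main__":
    # Usage as a pre-commit hook:
    #   git diff --cached --name-only --diff-filter=AM | xargs python scan.py
    results = scan_paths(sys.argv[1:]) if len(sys.argv) > 1 else demo()
    for f in results:
        print(f"{f.path}:{f.line}: {f.kind}")
    sys.exit(1 if results else 0)
```

Run with no arguments it scans the constructed samples and reports the service-account file and the API key line while leaving the README clean; wired into a pre-commit hook it exits non-zero on any finding, which blocks the commit. It records only the file, line and kind of indicator, never the matched value, so the hook's own output does not become a second place the secret is written down.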
“In light of these specific observations and general concerns, companies that prioritize safe implementation, monitoring, and continuous assurance will be more successful in minimizing these dangers or, at the very least, reducing their overall impact,” the research stated.