Date: 2021-11-28



Regular mining and cryptocurrency mining may not be the same, but they have something in common: when done illegally, both hurt the environment, the economy, public order and morals, and governance. Online attacks have become very prominent and include cryptocurrency mining abuse, phishing campaigns, ransomware and more.

Consider this: Google's new cybersecurity report reveals some striking statistics. According to the report, most compromised Google Cloud accounts are being used for cryptocurrency mining.

Google's Cybersecurity Action Team has released the first issue of its Threat Horizons report. The report is based on threat intelligence observations from the Threat Analysis Group (TAG), Google Cloud Threat Intelligence for Chronicle, Trust and Safety, and other internal teams.

The report states:

“Of the 50 recently compromised GCP instances, 86% of the compromised Google Cloud instances were used to perform cryptocurrency mining and cloud resource-intensive commercial activities. This typically consumed CPU/GPU resources and, in the case of Chia mining, storage space.”

Google Cloud used for illegal crypto mining

The report added that 10% of compromised accounts were used to scan other publicly available Internet resources to identify vulnerable systems. Another 8% of hacked accounts were used to attack other targets.

The report also sheds light on possible causes. For example, 48% of compromised instances were attributed to actors gaining access to cloud instances directly connected to the Internet that had either no password or a weak password for the user account or API connection.

The malicious activities mentioned above are not new. In fact, phishing campaigns and ransomware are increasingly being witnessed on cloud platforms.

“Attackers also continue to exploit improperly configured cloud instances to profit through cryptocurrency mining and traffic pumping. The world of ransomware is also expanding and existing with a mix of features. New ransomware has been discovered that looks like a derivative of the malware.”

Time also plays an important role in Google Cloud instance breaches. The shortest time from deploying a vulnerable cloud instance exposed to the Internet to its compromise was determined to be only 30 minutes. In addition, in 58% of breaches, cryptocurrency mining software was downloaded within 22 seconds of the account being breached. The graph below sheds light on this story.

What does this mean? Looking at the timeline above, the first attack and the subsequent downloads were scripted events. No human intervention was required. The report states: “The ability to manually intervene in these situations to prevent exploitation is nearly impossible. The best defense is to avoid deploying vulnerable systems or to have automated response mechanisms.”

Russian ties

The Russian government-backed hacking group APT28 (also known as Fancy Bear) attempted a mass phishing campaign and attacked approximately 12,000 Gmail accounts. Similar to the activity above, the attackers lure targets into changing their credentials on an attacker-controlled phishing page.

In another hack, a North Korean-backed hacker group disguised itself as a recruiter at Samsung, sending fake employment opportunities to employees of a South Korean information security company.

In addition, another recent report discussed scammers who exploited YouTube videos through fake cryptocurrency giveaways and earned a cumulative total of at least $8.9 million in October alone.

Given this surge in malicious activity, improving security by adopting two-factor authentication (2FA) should be a priority.

