Date: 2021-11-29



Google has warned users in a recent report that attackers are exploiting improperly configured cloud accounts to mine crypto.

Cryptocurrency mining is a computationally intensive activity, and Google Cloud customers can access the computing power it requires for a fee. However, miners are now hacking Google Cloud accounts for mining purposes. In a report titled “Threat Holidays,” Google’s cybersecurity team assessed various threats to cloud users and provided details of the breach.

The report also provided cloud users with cybersecurity threat intelligence. The goal is to enable us to “configure the environment and defenses better in the way that is most specific to our needs.”

Crypto miners hacking Google Cloud accounts

In the report, the cybersecurity team analyzed 50 recently compromised Google Cloud accounts, and 86% of them were related to crypto mining. Google writes that malicious attackers have been observed performing cryptocurrency mining within compromised cloud instances.

The report also stated that in most of these incidents, hackers downloaded crypto mining software to the compromised accounts within 22 seconds. The attacks were scripted and could not be stopped manually. In addition, in 10% of these incidents, hackers scanned other resources published on the Internet to identify vulnerable systems, and 8% of instances attacked other targets.

However, as reported by the cyber security team, crypto mining hacks were not the only attacks.

Of course, the 2021 cloud threat situation was more complicated than just a rogue cryptocurrency miner, as Bob Mechler, Google Cloud Director at the Chief Information Security Officer’s office, and Seth Rosenblatt, Google Cloud Security Editor, wrote in a blog post.

Other threats to Google Cloud users

Another threat identified by the team was a phishing attack by a Russian group called APT28 or Fancy Bear. The attackers ran a large phishing campaign that targeted 12,000 Gmail accounts, trying to trick users into handing over their login details. However, Google says it blocked all of the phishing emails and that users were not put at risk.

The report also noted attacks by groups backed by the North Korean government. The hacker group disguised itself as a Samsung recruiter and sent fake employment opportunities to employees of a South Korean information security company. The messages included a malicious link to malware stored in Google Drive. Google said it blocked this as well.

Another threat to cloud users is ransomware attacks, in which hackers encrypt your data until you pay. In the report, Google mentions the formidable BlackMatter ransomware group. Although the group announced earlier this month that it would shut down due to external pressure, Google is still cautious. Until the shutdown is confirmed, BlackMatter still poses a risk.

Google believes some of these attacks are due to poor user security practices, and others to vulnerabilities in user-installed third-party software.

The report also recommends several ways to prevent these attacks. One is to enable two-factor authentication.

