



Google recently launched the Google Security Action Team (GCAT) to support digital security efforts and strengthen customer defenses, especially for cloud services. As part of that effort, Google published its first GCAT Threat Horizons report in late November.

The report provides actionable intelligence that enables organizations to protect against ever-evolving threats, along with an executive summary.

The report covers five specific threats related to cryptocurrency mining abuse, phishing and malware. All of these are concerns, but much attention has been paid to the abuse of compromised Google Cloud Platform (GCP) instances for cryptocurrency mining.

According to the report's executive summary:

Of the 50 recently compromised GCP instances, 86% of the compromised cloud instances were used to perform cryptocurrency mining. 10% of the compromised cloud instances were used to perform scans of other resources published on the Internet to identify vulnerable systems. 8% of the instances were used to attack other targets.

In these cases, the ultimate goal did not appear to be data theft, GCAT reports. A compromise still puts your assets at great risk, however, and serves as a reminder to ensure that your cloud services are properly secured.

Cloud customers continue to face a variety of threats across their applications and infrastructure, but many successful attacks are due to poor security hygiene and a lack of basic controls, Google Cloud staff Bob Mechler and Seth Rosenblatt said in a blog post about the Threat Horizons report.

The most frequently identified issue behind the GCP compromises was a weak or missing password for user accounts or application programming interface (API) connections; nearly half of all compromise incidents fall into this category. Issues with third-party software ranked second, and misconfigurations, credential leaks, and other issues also created vulnerabilities.

The report also provides recommendations for mitigating attacks and improving cloud security based on findings such as:

- Follow password and configuration best practices.
- Make sure your third-party software is up to date.
- Implement appropriate preventative tools to identify security vulnerabilities.
- Set up alerts to notify you of high resource consumption.
- Avoid disclosing your credentials on GitHub.

The report provides additional details on GCP cryptocurrency mining abuse and other identified concerns. Other attacks it details include a large phishing attack on a Gmail account by a Russian attacker, the abuse of cloud resources to generate traffic to YouTube for view manipulation, a North Korean attacker disguised as a Samsung recruiter, and a new ransomware called Black Matter.

For more information on these attacks and the latest news in the cybersecurity world, please see the full report or visit the GCAT website.

