Market

Google reveals hacked cloud versions for mining cryptocurrencies

Google reveals hacked cloud versions for mining cryptocurrencies. Conventional mining and cryptocurrency mining may not be the same thing, but they still have something in common. Illegal mining in both forms harms the environment, the economy, public order and governance. Online attacks are very common including cryptocurrency mining abuse, phishing campaigns, ransomware, etc.

A new google cybersecurity report has Disclosure Lots of alarming statistics. In particular, the most compromised Google Cloud accounts are used for mining cryptocurrencies.

The Google Cybersecurity Action Team has published the first issue of Threat Horizons Insights. The report is based on threat intelligence observations from the Threat Analysis Group (TAG), Google Cloud Threat Intelligence for Chronicle, Trust and Safety, and many other internal teams.

Source: Google

The report states:

“Of the 50 recently compromised Google Cloud Platform (GCP) instances, 86% of the Google Cloud instances were used for mining cryptocurrencies – a for-profit process that uses a lot of cloud resources, often CPU / GPU resources or im Cases of Chia Mining, Storage Room ”.

Google cloud used for illegal cryptocurrency mining

According to the report, 10% of the compromised accounts are used to scan other public internet resources to identify vulnerable systems and 8% of the compromised accounts are used to attack targets.

The report also analyzes the cause of this situation. For example, 48% of violations are attributed to actors who gain access to a cloud instance connected to the Internet. You have no passwords or weak passwords from user accounts and API connections.

The attack activities mentioned are not new. In fact, more and more cloud platforms are falling victim to phishing and ransomware campaigns.

“In addition, attackers continue to exploit poorly configured instances of the cloud in order to profit from the mining of cryptocurrencies and the increasing data traffic. The ransomware universe continues to grow as several new ransomware have been discovered, which appear to be versions of existing malware with multiple combinations of capabilities. “

In addition, time also plays an important role in the attack on Google Cloud instances. The shortest time it takes to mine a vulnerable cloud instance on the internet is 30 minutes. Additionally, 58% of security breaches downloaded crypto mining software within 22 seconds of hacking the account.

The source: Google

Taking into account the above timeline, the first attacks and subsequent downloads are event-driven. No human intervention is required. The report says:

“The ability to intervene manually in these situations to prevent exploitation is almost impossible. The best defense is not to deploy a vulnerable system or use automated response mechanisms. “

In connection with Russian

The Russian government-backed APT28 attack group, also known as Fancy Bear, hacked around 12,000 Gmail accounts in a mass fraud attempt. Similar to the previously mentioned tasks, these scammers trick the user into changing credentials on a fake phishing site they control.

Another attack targeted a North Korea-backed hacking group posing as a recruiter for Samsung and sending fake job offers to employees of South Korean information security companies.

Aside from that, Bitcoin magazine recently reported that scammers mined YouTube videos and made at least $ 8.9 million from fake crypto giveaways in October alone.

With this dramatic increase in malicious activity, improving security by integrating two-factor authentication (2FA) must be a priority.

Join Bitcoin Magazine Telegram to keep track of news and comment on this article: https://t.me/coincunews

Follow the Youtube Channel | Subscribe to telegram channel | Follow the Facebook page

CoinX

Recent Posts

USDC and CCTP to launch on Aptos, with Stripe adding Aptos support in crypto products

Palo Alto, California, 21st November 2024, Chainwire

2 hours ago

Best Cryptos to Buy: Qubetics Set to Rise, Bitcoin Knocks at $100k Milestone, Avalanche to Release 1.67M Tokens

Best Cryptos to Buy: Qubetics presale rockets ahead, Bitcoin nears $100k, and Avalanche prepares to…

2 hours ago

Ike Goes Live on Mainnet: Unlocking Liquid Staking on Aleph Zero

London, United Kingdom, 21st November 2024, Chainwire

3 hours ago

Native USDC on Aptos Coming Soon to Boost DeFi and P2P Transactions

The move will see developers utilize USDC on Aptos in creating dApps on a wide…

3 hours ago

Coinshift Launches csUSDL, Announces Strategic Partnerships

Abu Dhabi, UAE, 21st November 2024, Chainwire

3 hours ago

Strategic Bitcoin Reserve Driven by 5-Year Commitment to Buy BTC

Senator Cynthia Lummis outlined the Strategic Bitcoin Reserve, which will sell part of the Fed's…

3 hours ago

This website uses cookies.