Google, the software giant, is warning users about malicious actors who use compromised Google Cloud accounts to mine cryptocurrency. Google Cloud accounts can have access to processing power that could be used to execute malicious tasks. The first “Threat Horizons” report by Google was published to raise awareness about security flaws in its platform. It found that 86% of compromised accounts were used for this purpose.
According to the report, cryptocurrency mining in cloud environments can cause high CPU and GPU usage. The report also mentions alternative cryptocurrencies such as Chia that use storage space to mine.
Causes and mitigation
The first reason for the compromise of the Google Cloud instances was poor security, which stemmed from various issues. One issue was a weak password or insufficient authentication guarding access to the platform. Malicious actors can easily access these platforms if they are not protected with basic security measures. Other cloud platforms face similar problems.
On the majority of the compromised instances, the cryptocurrency mining software was downloaded in less than 22 seconds. These unsecured instances are being targeted with malicious intent. The malicious actors may also be actively tracking unsecured Google Cloud instances, as 40% of them were compromised within 8 hours of being deployed. Google stated:
This means that vulnerable Cloud instances are routinely checked in the public IP address space. It won’t be a matter of if a vulnerable Cloud instance has been detected, but when.
The report suggests that users adhere to the best security practices, and implement container analysis, web scanning, and other tools that can probe the system for security vulnerabilities using various techniques, such as crawling.