Google has warned that cryptocurrency miners are using hacked Google Cloud accounts for computationally intensive mining.
Google's cybersecurity team disclosed the details in a study published on Wednesday. The "Threat Horizons" study aims to provide intelligence that will help firms keep their cloud systems safe.
Google wrote in an executive summary of the report, “Malicious actors were observed performing cryptocurrency mining within compromised Cloud instances.”
Cryptocurrency mining is a for-profit industry that frequently necessitates enormous quantities of computational power, which Google Cloud users may purchase. Google Cloud is a cloud-based storage technology that allows consumers to store data and files off-site.
According to Google, 86 per cent of the 50 recently hacked Google Cloud accounts were used to mine cryptocurrencies. In the majority of cases, Bitcoin mining software was downloaded within 22 seconds of the account being hacked.
Around 10 per cent of the affected accounts were also used to scan other publicly available resources on the internet in order to locate vulnerable systems, while the remaining 8 per cent were used to attack new targets.
According to Google, malicious actors were able to gain access to Google Cloud accounts by exploiting poor customer security practices. Almost half of the compromised accounts resulted from criminals gaining access to an internet-facing Cloud account that either had no password or had been hacked.
As a result, these Google Cloud accounts were vulnerable to being scanned and brute-forced.
A quarter of the compromised accounts were the result of flaws in third-party software installed by the owner.
Bitcoin, the world's most popular cryptocurrency, has been criticized for consuming excessive amounts of energy. Bitcoin mining consumes more energy than several countries. When authorities investigated a suspected cannabis farm in May, they discovered it was actually an illegal bitcoin mine.
“The cloud threat landscape in 2021 was more complex than just rogue cryptocurrency miners, of course,” wrote Bob Mechler, director of the office of the chief information security officer at Google Cloud, and Seth Rosenblatt, security editor at Google Cloud, in a blog post.
They also stated that Google researchers discovered a phishing attack by the Russian group APT28/Fancy Bear at the end of September and that Google stopped the attack.
They added that Google researchers also discovered a North Korean government-backed threat organisation that impersonated Samsung recruiters in order to deliver malicious attachments to staff at various South Korean anti-malware protection firms.