Hackers can use compromised Google Cloud accounts to install mining software in under 30 seconds: report

Published at: Nov. 26, 2021

In a report aimed at assessing threats to Cloud users, Google’s Cybersecurity Action Team said that some attackers are exploiting “poorly configured” accounts to mine cryptocurrency.

On Wednesday, the Google team said out of 50 analyzed incidents that compromised the Google Cloud Protocol, 86% were related to crypto mining. The hackers used the compromised Cloud accounts to access resources from individuals’ CPUs or GPUs to mine tokens or take advantage of storage space when mining coins on the Chia Network.

However, Google’s team reported that many of the attacks were not limited to a single malicious action like crypto mining, but also as a staging point to conduct other hacks and identify other vulnerable systems. According to the cybersecurity team, the actors usually gained access to Cloud accounts as a result of “poor customer security practices” or “vulnerable third-party software.”

“While data theft did not appear to be the objective of these compromises, it remains a risk associated with the cloud asset compromises as bad actors start performing multiple forms of abuse,” said the Cybersecurity Action Team. “The public Internet-facing Cloud instances were open to scanning and brute force attacks.”

The speed of the attacks was also noteworthy. According to Google’s analysis, hackers were able to download crypto mining software to the compromised accounts within 22 seconds in the majority of the incidents analyzed. Google suggested that “the initial attacks and subsequent downloads were scripted events not requiring human intervention” and said it would be nearly impossible to manually intervene to stop such incidents once they started.

Related: Google bans 8 'deceptive' crypto apps from Play Store

An attack on multiple users’ Cloud accounts to gain access to additional computing power is not a new approach to illicitly mining crypto. ‘Cryptojacking’, as it is known by many in the space, has had several high-profile incidents including a hack of Capital One in 2019 to allegedly use credit card users’ servers to mine crypto. However, browser-based cryptojacking as well as mining crypto after gaining access through deceptive app downloads is also still a problem for many users.

Tags
Business
Google
Mining
Bitcoin Mining
Cloud Storage
Related Posts
Google Cloud to detect crypto-mining malware on virtual machines
It’s a shot in the arm for Google Cloud users at risk of cryptocurrency mining attacks. The Google Cybersecurity Action Team (GCAT) has created a threat detection service to shield “poorly configured” accounts that attackers use to mine cryptocurrency. In a blog post, Google Cloud announced the Virtual Machine Threat Detection (VMTD) release in its Security Command Center (SCC) area. A means of scanning compute engines in Google Cloud, the VMTD successfully detects threats, including crypto-mining malware used inside virtual machines. Crypto-mining malware attacks, sometimes called “cryptojacking,” are an ongoing nuisance in the industry. While browser-based cryptojacking activity spiked in …
Blockchain / Feb. 7, 2022
Bitcoin mining stocks have outperformed BTC by 455% over the past 12 months
Despite the top publicly listed Bitcoin (BTC) mining firms operating at losses, their share prices have dramatically outperformed BTC over the past 12 months. Appearing on CNBC, Fundstrat’s vice president of digital asset strategy, Leeor Shimron, shared his analysis into the market performance of the four largest publicly traded mining firms: Marathon Digital Holdings, Riot Blockchain, Hive Blockchain and Hut 8 — each of which represents a market capitalization of more than $1 billion. Over the past 12 months, Shimron found the average return for shares in the mining firms to have been 5,000%, while BTC has gained 900% over …
Bitcoin / March 22, 2021
The race for semiconductors: Are crypto miners taking the lion's share?
Over the last couple of years, the world has been grappling with the lack of semiconductors, which are the substances that conduct electricity between metals and isolates. The most famous semiconductor is silicon. If correlating this concept to electronic devices, then the key semiconductors are processors and other microcircuits that are present in almost all devices that people use every day, from smartphones to cars. In 2021, semiconductors hit a world record in terms of sales. Electronics production also boomed, with hundreds of millions of complex semiconductors being devoured by gaming consoles. The number of GPUs produced grew to unseen …
Technology / April 7, 2022
Nvidia cites limited visibility into crypto mining demand's impact on Q2 results
Graphics card giant Nvidia CFO Colette Kress says the company has been unable to estimate how much impact reduced crypto mining demand had on its Q2 results, which fell short of analyst expectations. The chip giant released its financial results for the three months ended Jul. 31 on Wednesday, which revealed a 19% quarter-on-quarter drop in revenue to $6.5 billion, while net income fell 59% to $656 million. Revenue for its gaming division, which includes sales of GPUs that can be used for cryptocurrency mining, fell 44% in revenue from the previous quarter to $2.04 billion, which Nvidia attributed to …
Bitcoin / Aug. 25, 2022
How hard has this bear market been for Bitcoin mining? Watch Market Talks on Cointelegraph
On this week’s episode of Market Talks, Cointelegraph welcomes Drew Vosk, founder of VoskCoin, a cryptocurrency YouTube channel with over 607,000 subscribers. This week, we take a deep dive into all things crypto from the unique perspective of a Bitcoin (BTC) miner. We get Vosk’s take on the things that are impacting his bottom line as a Bitcoin miner and what challenges he is currently facing by mining Bitcoin at home as opposed to with an industrial miner. Is it worth investing in a solar mining farm with electricity costs soaring at the moment? What is the ROI, and is …
Bitcoin / Dec. 15, 2022