Cryptocurrency miners busted with compromised Google Cloud instances

Google has released a report that busted illegal cryptocurrency mining that was being routed through Google Cloud servers.

Junior Editor

Update: Malicious actors gained access to the Google Cloud instances by taking advantage of poor customer security practices or vulnerable third-party software in nearly 75% of all cases. As shown in Table 2, 48% of compromised instances were attributed to actors gaining access to the Internet-facing Cloud instance, which had either no password or a weak password for user accounts or API connections. As a result, these Google Cloud instances could be easily scanned and brute forced. 26% of compromised instances were attributed to vulnerabilities in third-party software, which was installed by the owner.

Google's Cybersecurity Action Team has released a report called the "Threat Horizons Executive Snapshot", which details ongoing online threats through trend tracking and other data pools.


The report included threat intelligence observations from the Threat Analysis Group, Google Cloud Threat Intelligence for Chronicle, Trust and Safety group, and other internal teams. Cryptocurrency mining abuse was specifically mentioned in the report, which stated that bad actors were observed mining cryptocurrency within compromised Cloud instances.

The report states, "Of 50 recently compromised GCP instances, 86% of the compromised Cloud instances were used to perform cryptocurrency mining, a Cloud resource-intensive, for-profit activity. Additionally, 10% of compromised Cloud instances were used to conduct scans of other publicly available resources on the Internet to identify vulnerable systems, and 8% of instances were used to attack other targets."

Adding, "While data theft did not appear to be the objective of these compromises, it remains a risk associated with the cloud asset compromises as bad actors start performing multiple forms of abuse."

Additionally, Google's report indicates that 86% of 50 Google Cloud accounts downloaded cryptocurrency mining software within 22 seconds of the account being compromised. If you are interested in reading more about this story, check out Google's report here.


Jak joined the TweakTown team in 2017 and has since reviewed 100s of new tech products and kept us informed daily on the latest science, space, and artificial intelligence news. Jak's love for science, space, and technology, and, more specifically, PC gaming, began at 10 years old. It was the day his dad showed him how to play Age of Empires on an old Compaq PC. Ever since that day, Jak fell in love with games and the progression of the technology industry in all its forms.
