{"id":477547,"date":"2021-11-28T18:00:51","date_gmt":"2021-11-28T18:00:51","guid":{"rendered":"https:\/\/wncen.com\/?p=477547"},"modified":"2024-06-11T11:47:00","modified_gmt":"2024-06-11T11:47:00","slug":"hackers-are-now-using-compromised-cloud-accounts-to-mine-crypto","status":"publish","type":"post","link":"https:\/\/wncen.com\/news\/hackers-are-now-using-compromised-cloud-accounts-to-mine-crypto\/","title":{"rendered":"Hackers Are Now Using Compromised Cloud Accounts To Mine Crypto"},"content":{"rendered":"
Attackers are exploiting poorly configured cloud accounts to mine crypto, Google warned users in a recent report<\/a>.<\/p>\n Cryptocurrency mining is a computationally intensive activity. And Google Cloud customers can access it at a cost. However, miners are now hacking Google Cloud accounts for mining purposes. Related Reading |\u00a0Data Shows Crypto Hacks And Fraud In 2021 Are On Track For A New Record<\/a><\/em><\/strong><\/p>\n The report also provided cybersecurity threat intelligence to cloud users. The aim is to enable them “better configure their environments and defenses in manners most specific to their needs.”<\/p>\n In the report, the cybersecurity team analyzed 50 recently compromised Google Cloud accounts. And out of those, 86% were related to crypto mining. \u201cMalicious actors were observed performing cryptocurrency mining within compromised Cloud instances,\u201d Google wrote.<\/p>\n Related Reading |\u00a0Ethereum Miner Revenue Outpaces Bitcoin In 2021<\/a><\/em><\/strong><\/p>\n The report also stated that in the majority of these incidents, the hackers downloaded crypto mining software to the compromised accounts within 22 seconds. The attacks were scripted, and it would have been impossible to manually stop them. Additionally, in 10% of these incidents, the hackers scanned other publicly available resources on the Internet to identify vulnerable systems. While in 8% of the instances, they attacked other targets.<\/p>\n However, as reported by the cybersecurity team, the crypto mining hacks were not the only attacks.<\/span><\/p>\n \u201cThe cloud threat landscape in 2021 was more complex than just rogue cryptocurrency miners, of course,\u201d wrote Bob Mechler, Google Cloud Director of the office of the Chief Information Security Officer, and Seth Rosenblatt, Google Cloud Security Editor, in\u00a0<\/span>a blog post<\/span><\/a>.<\/span><\/p>\n Another threat the team identified was a phishing attack by the Russian group called APT28, or Fancy Bear. The attackers targeted 12,000 Gmail accounts in a mass phishing attempt. They attempted to trick users into handing over their login details. Google, however, said it had blocked all the phishing emails, and no user was compromised.<\/span><\/p>\n The report also pointed out an attack by a North Korean government-backed group. This hacker group posed as Samsung recruiters, sending fake job opportunities to employees at South Korean information security companies. They attached a malicious link to malware stored in Google Drive. Google said it also blocked it.<\/span><\/p>\n Another threat to cloud users is ransomware attacks, whereby hackers encrypt users’ data until they pay. In the report, Google mentions the formidable Black Matter ransomware group. And although the group announced that it was shutting down earlier this month, Google is still cautious. <\/span>\u201cGoogle has received reports that the Black Matter ransomware group has announced it will shut down operations given outside pressure. Until this is confirmed, Black Matter still poses a risk.\u201d<\/span><\/p>\n <\/p>\n Google attributes some of these attacks to users’ poor security practices. And also vulnerabilities in third-party software that the users install.<\/span><\/p>\n The report also recommends a few ways to prevent these attacks. One of which is enabling two-factor authentication.<\/span><\/p>\n Attackers are exploiting poorly configured cloud accounts to mine crypto, Google warned users in a recent report. Cryptocurrency mining is a computationally intensive activity. And Google Cloud customers can access it at a cost. However, miners are now hacking Google Cloud accounts for mining purposes. In the report titled “Threat Horizons,” Google’s cybersecurity team assessed various threats to Cloud users, providing details of the breaches. Related Reading |\u00a0Data Shows Crypto Hacks And Fraud In 2021 Are On Track For A New Record The report also provided cybersecurity threat intelligence to cloud users. The aim is to enable them “better configure their environments and defenses in manners most specific to their needs.” Crypto Miners Hacking Google Accounts In the report, the cybersecurity team analyzed 50 recently compromised Google Cloud accounts. And out of those, 86% were related to crypto mining. \u201cMalicious actors were observed performing cryptocurrency mining within compromised Cloud instances,\u201d Google wrote. Related Reading |\u00a0Ethereum Miner Revenue Outpaces Bitcoin In 2021 The report also stated that in the majority of these incidents, the hackers downloaded crypto mining software to the compromised accounts within 22 seconds. The attacks were scripted, and it would have been impossible to manually stop them. Additionally, in 10% of these incidents, the hackers scanned other publicly available resources on the Internet to identify vulnerable systems. While in 8% of the instances, they attacked other targets. However, as reported by the cybersecurity team, the crypto mining hacks were not the only attacks. \u201cThe cloud threat landscape in 2021 was more complex than just rogue cryptocurrency miners, of course,\u201d wrote Bob Mechler, Google Cloud Director of the office of the Chief Information Security Officer, and Seth Rosenblatt, Google Cloud Security Editor, in\u00a0a blog post. Other Threats To Google Cloud Users Another threat the team identified was a phishing attack by the Russian group called APT28, or Fancy Bear. The attackers targeted 12,000 Gmail accounts in a mass phishing attempt. They attempted to trick users into handing over their login details. Google, however, said it had blocked all the phishing emails, and no user was compromised. The report also pointed out an attack by a North Korean government-backed group. This hacker group posed as Samsung recruiters, sending fake job opportunities to employees at South Korean information security companies. They attached a malicious link to malware stored in Google Drive. Google said it also blocked it. Another threat to cloud users is ransomware attacks, whereby hackers encrypt users’ data until they pay. In the report, Google mentions the formidable Black Matter ransomware group. And although the group announced that it was shutting down earlier this month, Google is still cautious. \u201cGoogle has received reports that the Black Matter ransomware group has announced it will shut down operations given outside pressure. Until this is confirmed, Black Matter still poses a risk.\u201d Total crypto market at $2.4 Trillion | Source: Crypto Total Market Cap from TradingView.com Google attributes some of these attacks to users’ poor security practices. And also vulnerabilities in third-party software that the users install. The report also recommends a few ways to prevent these attacks. One of which is enabling two-factor authentication. Featured image by Dreamstime, Chart from TradingView.com<\/p>\n","protected":false},"author":545,"featured_media":477549,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3],"tags":[11450,8557,2219,84794,2276,2282],"class_list":["post-477547","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-crypto-mining","tag-cryptocurrency-mining","tag-google","tag-google-cloud","tag-hack","tag-hackers"],"acf":[],"yoast_head":"\n
\nIn the report titled “Threat Horizons,” Google’s cybersecurity team assessed various threats to Cloud users, providing details of the breaches.<\/p>\nCrypto Miners Hacking Google Accounts<\/span><\/h2>\n
Other Threats To Google Cloud Users<\/span><\/h2>\n
Total crypto market at $2.4 Trillion | Source: Crypto Total Market Cap from TradingView.com<\/a><\/pre>\n
Featured image by Dreamstime, Chart from TradingView.com<\/pre>\n","protected":false},"excerpt":{"rendered":"