Google Issues Warning: Utilization of Cloud by Malicious Actors for Cryptocurrency Mining
Snapshot
- Google cloud is used to mine cryptocurrencies
- Causes and Mitigation
Google has issued a warning for its users about the usage of Google cloud platform for mining of cryptocurrencies by malicious actors. In its latest report on Cloud Threat Intelligence, titled “Threat Horizons”, the company has informed that 86% of the compromised instances on the cloud platform were being used for the mining of cryptocurrencies. The report also indicates that most of the accounts that were compromised either had weak passwords or had no passwords at all.
Google cloud is used to mine cryptocurrencies
Google is alerting its users regarding the usage of compromised cloud accounts for mining of cryptocurrency by malicious actors. Malicious actors use processing power, which can be accessed through Google accounts to perform the malicious task. According to the “Threat Horizons” report, cryptocurrency mining over the cloud platform requires high utilization of CPU/GPU power. The report also indicated that mining of cryptocurrencies like Chia requires storage space as a mining resource.
Causes and Mitigation
The first cause for the compromised cloud platform was poor security due to various reasons. Primary reason identified was utilization of weak passwords or no passwords for accessing the cloud platform by users. With no proper security measures, it was easy for unauthorized parties to access the platforms.
In most of the instances the malicious actor downloaded the mining software in less than 22 seconds after gaining access to the cloud platform. This indicates a pattern of systematic attack on unsecured instances for the sole purpose of using them to mine cryptocurrency. Also, 40% of these unsecured instances were compromised within eight hours of deployment, indicating that these unsecured instances were being tracked by malicious actors.
In order to mitigate the identified risks, the report suggests users to follow basic best security practices and implement web scanning and container analysis, tools that will investigate the system for any weaknesses.
Disclaimer: The article should not be considered as any financial advice. It is advisable to conduct thorough research before investmenting.
Photo by – QuinceCreative on Pixabay