Hackers Are Now Using Compromised Cloud Accounts To Mine Crypto
28 Noviembre 2021 - 12:00PM
NEWSBTC
Attackers are exploiting poorly configured cloud accounts to mine
crypto, Google warned users in a recent report. Cryptocurrency
mining is a computationally intensive activity. And Google Cloud
customers can access it at a cost. However, miners are now hacking
Google Cloud accounts for mining purposes. In the report titled
“Threat Horizons,” Google’s cybersecurity team assessed various
threats to Cloud users, providing details of the breaches. Related
Reading | Data Shows Crypto Hacks And Fraud In 2021 Are On
Track For A New Record The report also provided cybersecurity
threat intelligence to cloud users. The aim is to enable them
“better configure their environments and defenses in manners most
specific to their needs.” Crypto Miners Hacking Google Accounts In
the report, the cybersecurity team analyzed 50 recently compromised
Google Cloud accounts. And out of those, 86% were related to crypto
mining. “Malicious actors were observed performing cryptocurrency
mining within compromised Cloud instances,” Google wrote. Related
Reading | Ethereum Miner Revenue Outpaces Bitcoin In 2021 The
report also stated that in the majority of these incidents, the
hackers downloaded crypto mining software to the compromised
accounts within 22 seconds. The attacks were scripted, and it would
have been impossible to manually stop them. Additionally, in 10% of
these incidents, the hackers scanned other publicly available
resources on the Internet to identify vulnerable systems. While in
8% of the instances, they attacked other targets. However, as
reported by the cybersecurity team, the crypto mining hacks were
not the only attacks. “The cloud threat landscape in 2021 was more
complex than just rogue cryptocurrency miners, of course,” wrote
Bob Mechler, Google Cloud Director of the office of the Chief
Information Security Officer, and Seth Rosenblatt, Google Cloud
Security Editor, in a blog post. Other Threats To Google Cloud
Users Another threat the team identified was a phishing attack by
the Russian group called APT28, or Fancy Bear. The attackers
targeted 12,000 Gmail accounts in a mass phishing attempt. They
attempted to trick users into handing over their login details.
Google, however, said it had blocked all the phishing emails, and
no user was compromised. The report also pointed out an attack by a
North Korean government-backed group. This hacker group posed as
Samsung recruiters, sending fake job opportunities to employees at
South Korean information security companies. They attached a
malicious link to malware stored in Google Drive. Google said it
also blocked it. Another threat to cloud users is ransomware
attacks, whereby hackers encrypt users’ data until they pay. In the
report, Google mentions the formidable Black Matter ransomware
group. And although the group announced that it was shutting down
earlier this month, Google is still cautious. “Google has received
reports that the Black Matter ransomware group has announced it
will shut down operations given outside pressure. Until this is
confirmed, Black Matter still poses a risk.” Total crypto market at
$2.4 Trillion | Source: Crypto Total Market Cap from
TradingView.com Google attributes some of these attacks to users’
poor security practices. And also vulnerabilities in third-party
software that the users install. The report also recommends a few
ways to prevent these attacks. One of which is enabling two-factor
authentication. Featured image by Dreamstime, Chart from
TradingView.com
Bitcoin (COIN:BTCUSD)
Gráfica de Acción Histórica
De Feb 2024 a Mar 2024
Bitcoin (COIN:BTCUSD)
Gráfica de Acción Histórica
De Mar 2023 a Mar 2024