Over four-fifths of hackers used Google Cloud accounts to mine crypto currencies, according to a report by Google’s Cybersecurity Action Team.
Typically, cryptocurrency mining consumes vast computing resources and exploits remain common in the virtual asset space, especially considering that the meteoric rise of industry value.
Salt weakness exploited to mine crypto
A prominent example dates from May this year, when hackers exploited a vulnerability in Salt, an infrastructure tool used by eBay, LinkedIn, IBM, and other corporations, to install crypto mining malware into a company server.
Another example dates from August, when a weakness in Poly Network was exploited and over $600 million was stolen. This was among the biggest crypto heists to date. Thankfully, the funds were returned.
Vulnerable systems increasingly identified online
Every tenth compromised Cloud instance involved scanning publicly available online resources with the purpose of identifying vulnerable systems. Hackers used 8% of instances to attack other targets.
The report states:
While cloud customers continue to face a variety of threats across applications and infrastructure, many successful attacks are due to poor hygiene and a lack of basic control implementation. Most recently, our team has responded to cryptocurrency mining abuse, phishing campaigns, and ransomware. Given these specific observations and general threats, organizations that put emphasis on secure implementation, monitoring and ongoing assurance will be more successful in mitigating these threats or at the very least reduce their overall impact.
Report draws attention to inadequate security
Inadequate security practices on the part of customers caused the majority of attacks. These include using weak or no passwords. According to the report, malicious entities gained access to Google Cloud accounts by taking advantage of these poor security practices in almost three-quarters of the cases.
Where hackers used accounts to mine cryptocurrencies, they installed mining software in less than 30 seconds before the attack, rendering manual interventions an ineffective prevention method.
Experts recommend scanning for vulnerabilities and 2FA
The best defense is not using a vulnerable system or automated response mechanisms. The experts with Google’s Cybersecurity Action Team recommended a number of security approaches. These include using the “Work Safer” product for security and two-factor authentication. Of course, scanning for vulnerabilities is an indispensable component of security.
The report concluded that organizations, which focus on secure implementation and monitoring will have greater success in mitigating attacks or reducing the threats of them at the very least.
Contributors
