HomeNewsGoogle warns: 86% of hackers use Google Cloud accounts to mine crypto
Google warns: 86% of hackers use Google Cloud accounts to mine crypto

Google warns: 86% of hackers use Google Cloud accounts to mine crypto

Last updated 19th Jan 2022

Over four-fifths of hackers used Google Cloud accounts to mine crypto currencies, according to a report by Google’s Cybersecurity Action Team.

Typically, cryptocurrency mining consumes vast computing resources and exploits remain common in the virtual asset space, especially considering that the meteoric rise of industry value.

Salt weakness exploited to mine crypto

A prominent example dates from May this year, when hackers exploited a vulnerability in Salt, an infrastructure tool used by eBay, LinkedIn, IBM, and other corporations, to install crypto mining malware into a company server.

Minimum Deposit
Exclusive Promotion
User Score
More than 3,000 assets, including currencies, stocks, cryptocurrencies, ETFs, indices and commodities
Buy crypto, or trade cryptocurrencies via CFDs
This ad promotes virtual cryptocurrency investing within the EU (by eToro Europe Ltd. and eToro UK Ltd.) & USA (by eToro USA LLC); which is highly volatile, unregulated in most EU countries, no EU protections & not supervised by the EU regulatory framework. Investments are subject to market risk, including the loss of principal.

Another example dates from August, when a weakness in Poly Network was exploited and over $600 million was stolen. This was among the biggest crypto heists to date. Thankfully, the funds were returned.  

Vulnerable systems increasingly identified online

Every tenth compromised Cloud instance involved scanning publicly available online resources with the purpose of identifying vulnerable systems. Hackers used 8% of instances to attack other targets.

The report states:

While cloud customers continue to face a variety of threats across applications and infrastructure, many successful attacks are due to poor hygiene and a lack of basic control implementation. Most recently, our team has responded to cryptocurrency mining abuse, phishing campaigns, and ransomware. Given these specific observations and general threats, organizations that put emphasis on secure implementation, monitoring and ongoing assurance will be more successful in mitigating these threats or at the very least reduce their overall impact.

Report draws attention to inadequate security

Inadequate security practices on the part of customers caused the majority of attacks. These include using weak or no passwords. According to the report, malicious entities gained access to Google Cloud accounts by taking advantage of these poor security practices in almost three-quarters of the cases.

Where hackers used accounts to mine cryptocurrencies, they installed mining software in less than 30 seconds before the attack, rendering manual interventions an ineffective prevention method.

Experts recommend scanning for vulnerabilities and 2FA

The best defense is not using a vulnerable system or automated response mechanisms. The experts with Google’s Cybersecurity Action Team recommended a number of security approaches. These include using the “Work Safer” product for security and two-factor authentication. Of course, scanning for vulnerabilities is an indispensable component of security.

The report concluded that organizations, which focus on secure implementation and monitoring will have greater success in mitigating attacks or reducing the threats of them at the very least.

Daniela Kirova

Daniela Kirova

Daniela is a writer at Bankless Times, covering the latest news on the cryptocurrency market and blockchain industry. She has over 15 years of experience as a writer, having ghostwritten for several online publications in the financial sector.