According to Google, cyber criminals have now started hacking Google cloud accounts to mine cryptocurrency. Google’s cybersecurity team published its first threat horizon report detailing details of the hack.
According to the report, 86 percent of the compromised Google Cloud instances were used to mine cryptocurrencies, a resource-intensive for-profit activity utilizing cloud computing resources, adding that most cryptocurrency mining software was downloaded within 22 seconds of the account being compromised.
The cloud service offered by Google is one of the industry’s most popular remote storage system and allows the company to store customers’ files and data on a remote server that can be used to mine crypto coins.
It takes a lot of computing power and electricity to mine cryptocurrency, which is done by high-powered computers that are competing to solve complicated mathematical puzzles.
Interestingly, Google noted that of 50 percent hacks of its cloud computing service, more than 80 percent were used to perform cryptocurrency mining.
86 percent of 50 compromised Google Cloud accounts were used to mine cryptocurrencies, according to Google. In a blog post, Google states that cloud customers continue to face a number of threats across applications and infrastructure, “due to poor hygiene and a lack of basic control implementation,” .
In addition, 10 percent of compromised Cloud instances were used to scan other publicly accessible resources on the internet to identify vulnerable systems, and 8 percent of instances were used to launch attacks against other targets. “While data theft did not appear to be the objective of these compromises, it remains a risk associated with the cloud asset compromises as bad actors start performing multiple forms of abuse,” Google stated.
Google has recommended its cloud clients to enable two-factor authentication to improve their account’s security, which adds an extra layer of protection beyond just having a username and password.
The report also stated that the Russian government-backed hacking group APT28, also known as Fancy Bear, is responsible for as many as 12,000 Gmail accounts attacks in a mass phishing attempt, used to fool users into handing over their login credentials.
In their emails, the attackers attempted to entice account holders by writing: “We believe that government-backed attackers might try to steal your account password.”.
Google reported that it identified and blocked all the phishing emails attacks, which were aimed at UK, US and Indian users— and thus far no users’ information was compromised.