The report said the actors usually gained access to Cloud accounts
because of “poor customer security practices” or “vulnerable third-party
software.”
In a report aimed at assessing threats to Cloud users, Google’s
Cybersecurity Action Team said that some attackers are exploiting
“poorly configured” accounts to mine cryptocurrency.
On Wednesday, the Google team said
out of 50 analyzed incidents that compromised the Google Cloud
Protocol, 86% were related to crypto mining. The hackers used the
compromised Cloud accounts to access resources from individuals’ CPUs or
GPUs to mine tokens or take advantage of storage space when mining coins on the Chia Network.
However,
Google’s team reported that many of the attacks were not limited to a
single malicious action like crypto mining, but also as a staging point
to conduct other hacks and identify other vulnerable systems. According
to the cybersecurity team, the actors usually gained access to Cloud
accounts as a result of “poor customer security practices” or
“vulnerable third-party software.”
“While data theft did not
appear to be the objective of these compromises, it remains a risk
associated with the cloud asset compromises as bad actors start
performing multiple forms of abuse,” said the Cybersecurity Action Team.
“The public Internet-facing Cloud instances were open to scanning and
brute force attacks.”
The speed of the attacks was also
noteworthy. According to Google’s analysis, hackers were able to
download crypto mining software to the compromised accounts within 22
seconds in the majority of the incidents analyzed. Google suggested that
“the initial attacks and subsequent downloads were scripted events not
requiring human intervention” and said it would be nearly impossible to
manually intervene to stop such incidents once they started.
An
attack on multiple users’ Cloud accounts to gain access to additional
computing power is not a new approach to illicitly mining crypto.
‘Cryptojacking’, as it is known by many in the space, has had several
high-profile incidents including a hack of Capital One in 2019 to allegedly use credit card users’ servers to mine crypto. However, browser-based cryptojacking as well as mining crypto after gaining access through deceptive app downloads is also still a problem for many users.
