Crypto miners are using compromised cloud accounts to scale their illicit operations, the internet giant, Google warned in a report recently published, entitled ‘Threat Horizons’ by its cybersecurity action team.
According to the findings, 86 percent of the 50 hacked Google Cloud Platforms (GCPs), which use a lot of computational resources and storage space, were targeted for cryptocurrency mining. Additionally, the team elaborated that a piece of crypto mining software was downloaded within 22 seconds of the account being compromised for the majority of the cases.
“This suggests that the initial attacks and subsequent downloads were scripted events not requiring human intervention. The ability to manually intervene in these situations to prevent exploitation is nearly impossible,” the report stated.
Hackers are exploiting poor customer security or vulnerability in third-party software to exploit these cloud platforms.
Moreover, Google’s cybersecurity action recommended the users of its cloud services to use two-factor authentication and use the services from the company's work safer security program.
Phishing Attacks
In addition to the threats of crypto mining, the internet giant warned against phishing attacks, mostly by Russian cybercriminals who usually send warnings to users that their accounts were targeted by government-backed attackers and North Korean cybercriminals who targeted people disguised as Samsung recruiters.
“We believe that government-backed attackers may be trying to trick you to get your account password,” one of the phishing emails stated.
Furthermore, the report stressed the threats of growing ransomware attacks, which use sophisticated and heavily encrypted software to extort money by locking the data.
“Google has received reports that the Black Matter ransomware group has announced it will shut down operations given outside pressure. Until this is confirmed, Black Matter still poses a risk,” the report stated.