Langsung ke konten utama

Google Alerts Users About Malicious Actors Using Cloud for Cryptocurrency Mining

google cloud

Google has warned users about the use of its Google Cloud platform by malicious actors to mine cryptocurrencies. In its latest Cloud Threat Intelligence report titled “Threat Horizons,” which provides users with security insights, the company informed that 86% of the compromised instances on Google Cloud platforms were being used to mine cryptocurrencies. Most of the accounts compromised were secured with weak passwords or with no password at all.

Google Cloud Used to Mine Cryptocurrencies

Software giant Google is alerting users about malicious actors using compromised Google Cloud accounts for mining cryptocurrency. Google Cloud accounts have access to processing power that can be easily redirected to perform malicious tasks. According to the first “Threat Horizons” report, issued by Google to raise awareness about the security weaknesses in its platform, 86% of the compromised accounts are used for this purpose.

The report states that cryptocurrency mining in the cloud causes high usage of CPU and/or GPU power. It also makes reference to the mining of alternative cryptocurrencies like Chia, which use storage space as a mining resource.

Causes and Mitigation

The first cause of the compromise of the examined Google Cloud instances was poor security due to different issues. One of these issues was a weak or inexistent password to access the platform, or a lack of API validation in the instance. With no basic security measures applied, a malicious actor can easily take hold of these platforms. Other cloud platforms are also facing similar problems.

Most of the studied instances downloaded the cryptocurrency mining software in less than 22 seconds after being compromised. This shows that there are systematic attacks of these unsecured instances, with the sole intention being to use them for this purpose. Also, the malicious actors seem to be tracking these unsecured Google Instances actively, given that 40% of the unsecured instances were compromised within eight hours of being deployed. Google stated:

This suggests that the public IP address space is routinely scanned for vulnerable Cloud instances. It will not be a matter of if a vulnerable Cloud instance is detected, but rather when.

To mitigate these risks, the report recommends users follow basic best security practices and implement container analysis and web scanning, tools that will probe the system for security weaknesses using different techniques like crawling.

What do you think about the use of Google Instances to mine cryptocurrency by malicious actors? Tell us in the comments section below.



source https://news.bitcoin.com/google-alerts-users-about-malicious-actors-using-cloud-for-cryptocurrency-mining/
Label:

Komentar

Posting Komentar

Postingan populer dari blog ini

Spanish Treasury Secretary Says Cryptocurrencies Carry a ‘Risk of Default’, Repeats Bank of Spain’s Lack of Regulation Rhetoric

The government of Spain continues to harden its stance against widely adopting cryptocurrencies. The Spanish Secretary of State for the Economy recently expressed her concerns on risks that she thinks cryptos possess for the national economy. Secretary Doesn’t Like Bitcoin as It Cannot Be ‘Supervised or Sanctioned’ During the Online Fintech Summit 2021 , Ana de la Cueva said that cryptocurrencies such as bitcoin ( BTC ) carry “a risk of default, given that the user does not have the protection offered by traditional payment systems against a default by the counterparty.” In fact, the Secretary blasted off on the lack of a “centralized guarantee system” in bitcoin. Interestingly, at the beginning of her speech, De La Cueva mentioned that the cryptocurrency’s technology is based on blockchain. However, she later pointed out that there is no standard “clarity” on the nature of bitcoin. The Secretary repeated the same rhetoric of Spanish state entities on crypto assets, saying that th...
Posting Komentar
Baca selengkapnya

Barry Silbert Resigns as Chairman of Grayscale Investments

Digital Currency Group (DCG) founder Barry Silbert has resigned from his position as the chairman of Grayscale Investments. Current DCG chief financial officer Mark Shifke succeeds Silbert and is joined by Edward McGee and Matthew Kummell as members of the new look board. Preparing for Grayscale’s Next Chapter Barry Silbert, the founder and CEO of Digital Currency Group, has resigned from his position as chairman of the digital asset management company Grayscale and will be replaced by Mark Shifke. According to the company’s filing with the Securities and Exchange Commission (SEC), starting Jan. 1, 2024, Grayscale’s board will be composed of Mark Shifke, Matthew Kummell, and Edward McGee. Current Grayscale Investments CEO Michael Sonnenshein is also a board member, while Mark Murphy, the president of Digital Currency Group (DCG), departs alongside Silbert. Commenting on the changes to the board, an unidentified Grayscale spokeswoman reportedly said: “Grayscale and our investors ...
Posting Komentar
Baca selengkapnya

48 US Lawmakers Ask SEC Chair Gensler to Clarify Whether ETH Is a Security — Warn of ‘Negative Repercussions’

Forty-eight U.S. lawmakers have sent a letter to U.S. Securities and Exchange Commission (SEC) Chairman Gary Gensler asking him to clarify whether ether is a security. “The negative repercussions of the SEC implicitly or directly classifying ETH as a digital asset security will cascade throughout the digital asset marketplace both in the short and long […] source https://news.bitcoin.com/48-us-lawmakers-ask-sec-chair-gensler-to-clarify-whether-eth-is-a-security-warn-of-negative-repercussions/
Posting Komentar
Baca selengkapnya