Langsung ke konten utama

Google Alerts Users About Malicious Actors Using Cloud for Cryptocurrency Mining

google cloud

Google has warned users about the use of its Google Cloud platform by malicious actors to mine cryptocurrencies. In its latest Cloud Threat Intelligence report titled “Threat Horizons,” which provides users with security insights, the company informed that 86% of the compromised instances on Google Cloud platforms were being used to mine cryptocurrencies. Most of the accounts compromised were secured with weak passwords or with no password at all.

Google Cloud Used to Mine Cryptocurrencies

Software giant Google is alerting users about malicious actors using compromised Google Cloud accounts for mining cryptocurrency. Google Cloud accounts have access to processing power that can be easily redirected to perform malicious tasks. According to the first “Threat Horizons” report, issued by Google to raise awareness about the security weaknesses in its platform, 86% of the compromised accounts are used for this purpose.

The report states that cryptocurrency mining in the cloud causes high usage of CPU and/or GPU power. It also makes reference to the mining of alternative cryptocurrencies like Chia, which use storage space as a mining resource.

Causes and Mitigation

The first cause of the compromise of the examined Google Cloud instances was poor security due to different issues. One of these issues was a weak or inexistent password to access the platform, or a lack of API validation in the instance. With no basic security measures applied, a malicious actor can easily take hold of these platforms. Other cloud platforms are also facing similar problems.

Most of the studied instances downloaded the cryptocurrency mining software in less than 22 seconds after being compromised. This shows that there are systematic attacks of these unsecured instances, with the sole intention being to use them for this purpose. Also, the malicious actors seem to be tracking these unsecured Google Instances actively, given that 40% of the unsecured instances were compromised within eight hours of being deployed. Google stated:

This suggests that the public IP address space is routinely scanned for vulnerable Cloud instances. It will not be a matter of if a vulnerable Cloud instance is detected, but rather when.

To mitigate these risks, the report recommends users follow basic best security practices and implement container analysis and web scanning, tools that will probe the system for security weaknesses using different techniques like crawling.

What do you think about the use of Google Instances to mine cryptocurrency by malicious actors? Tell us in the comments section below.



source https://news.bitcoin.com/google-alerts-users-about-malicious-actors-using-cloud-for-cryptocurrency-mining/

Label

Label:

Komentar

Posting Komentar

Postingan populer dari blog ini

Barry Silbert Resigns as Chairman of Grayscale Investments

Digital Currency Group (DCG) founder Barry Silbert has resigned from his position as the chairman of Grayscale Investments. Current DCG chief financial officer Mark Shifke succeeds Silbert and is joined by Edward McGee and Matthew Kummell as members of the new look board. Preparing for Grayscale’s Next Chapter Barry Silbert, the founder and CEO of Digital Currency Group, has resigned from his position as chairman of the digital asset management company Grayscale and will be replaced by Mark Shifke. According to the company’s filing with the Securities and Exchange Commission (SEC), starting Jan. 1, 2024, Grayscale’s board will be composed of Mark Shifke, Matthew Kummell, and Edward McGee. Current Grayscale Investments CEO Michael Sonnenshein is also a board member, while Mark Murphy, the president of Digital Currency Group (DCG), departs alongside Silbert. Commenting on the changes to the board, an unidentified Grayscale spokeswoman reportedly said: “Grayscale and our investors ...
Posting Komentar
Baca selengkapnya

Bitcoin 2024: Ten Months in Review, Key Milestones, and Expert Predictions for Year-End

As of Nov. 11, 2024, bitcoin (BTC), the undisputed crypto heavyweight, has enjoyed a phenomenal year. Over the last ten months, it has been breaking records across the board. From hashrates to daily transaction peaks, price surges, and making an impact in non-fungible tokens (NFTs) and decentralized finance (defi), BTC has been on a non-stop […] source https://news.bitcoin.com/bitcoin-2024-ten-months-in-review-key-milestones-and-expert-predictions-for-year-end/
Posting Komentar
Baca selengkapnya

Cryptoquant CEO: US Strategic Bitcoin Reserve Adoption Unlikely Amid Economic Strength

Since Donald Trump was elected the 47th President of the United States, bitcoin advocates have faced skepticism about whether his administration and the forthcoming Congress would introduce a strategic bitcoin reserve. Cryptoquant CEO: ‘Bitcoin Standard’ Needs U.S. Economic Decline to Gain Traction Ki Young Ju, CEO of Cryptoquant, took to social media to voice his […] source https://news.bitcoin.com/cryptoquant-ceo-us-strategic-bitcoin-reserve-adoption-unlikely-amid-economic-strength/
Posting Komentar
Baca selengkapnya