The perpetrators frequently acquired access to Cloud accounts through “poor customer security practices” or “weak third-party applications,” according to the study.
Google’s Cybersecurity Action Team warned in a paper analyzing threats to Cloud customers that some attackers are mining cryptocurrencies via “poorly setup” accounts.
The Google team revealed on Wednesday that crypto mining was involved in 86 percent of the 50 investigated instances that affected the Google Cloud Protocol. The hackers utilized the hacked Cloud accounts to gain access to resources from people’s CPUs or GPUs in order to mine tokens or take advantage of storage space when mining currencies on the Chia Network.
However, Google’s team noted that many of the intrusions were not limited to a single malicious action such as crypto mining; they also served as staging grounds for subsequent hacks and for identifying more susceptible systems. The perpetrators frequently acquired access to Cloud accounts as a consequence of “poor customer security practices” or “weak third-party software,” according to the cybersecurity team.
“While data theft did not appear to be the objective of these compromises, it remains a risk associated with the Cloud asset compromises as bad actors start performing multiple forms of abuse,” said the Cybersecurity Action Team. “The public Internet-facing Cloud instances were open to scanning and brute force attacks.”
The attacks were also notable for their speed. According to Google’s investigation, in the majority of the events investigated, hackers were able to download crypto mining software to the hacked accounts in under 22 seconds. “The first attacks and subsequent downloads were planned activities that did not require human interaction,” Google claimed, adding that actively intervening to halt such situations once they started would be nearly impossible.
Compromising users’ Cloud accounts to obtain access to more computing power isn’t a novel way to mine cryptocurrency illegally. Many in the field refer to this as “cryptojacking,” and there have been numerous high-profile examples, including a hack of Capital One in 2019 that reportedly used credit card customers’ servers to mine cryptocurrency.
For many users, however, browser-based cryptojacking and cryptocurrency mining that follows access gained through fraudulent software downloads remain an issue.