Hackers Are Attacking Cloud Accounts to Mine Cryptocurrencies, Google Says

Square to Consider Building a Bitcoin Mining System

Visit the original article*

Hacked Google Cloud accounts were used by 86% of the “malicious actors” to mine crypto currencies, according to a new report.

Of the 50 hacked Google Cloud Platforms or GCPs, 86% of them were used for cryptocurrency mining, which typically consumes large amounts of computing resources and storage space, Google’s Cybersecurity Action Team wrote in the report. The remainder of the hacking activities included phishing scams and ransomware.

Exploits remain common in the digital assets space, especially with large amounts of capital flowing into the industry. In May a hacking group installed crypto mining malware into a company server through a weakness in Salt, a popular infrastructure tool used by the likes of IBM, LinkedIn and eBay.

Moreover, in August, more than $600 million was stolen in one of the biggest crypto heists to date, exploiting a vulnerability in the Poly Network, although some of the amounts were returned. Meanwhile, Mt. Gox, the world’s largest bitcoin exchange at the time, filed for bankruptcy in March 2014 after hackers stole $460 million worth of crypto.

Poor security practices

Most of these attacks on the GCPs are primarily due to poor security practices by the customers, including the use of weak or no passwords. “Malicious actors gained access to the Google Cloud instances by taking advantage of poor customer security practices or vulnerable third-party software in nearly 75% of all cases,” the report said.

In the cases of hackers using accounts to mine cryptocurrencies, mining softwares were installed within 22 seconds of the attack, making manual interventions ineffective in preventing such attacks. “The best defense would be to not deploy a vulnerable system or have automated response mechanisms,” the report recommended.

To prevent such attacks, the team recommended several different security approaches including scanning for vulnerabilities, using two-factor authentication and implementing Google’s “Work Safer” product for security.

“Given these specific observations and general threats, organizations that put emphasis on secure implementation, monitoring and ongoing assurance will be more successful in mitigating these threats or at the very least reduce their overall impact,” the authors concluded.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

What do you think?

Kryptomon Partners with BakerySwap For Mystery Box Sale And New Exclusive NFT Giveaway Campaign

Kryptomon Partners with BakerySwap For Mystery Box Sale And New Exclusive NFT Giveaway Campaign

Bicoin Prominance

Trader’s Don’t Miss This Bitcoin Buying Opportunity And Enjoy 70% Jump Later!