Google has issued a warning that hacked Google Cloud accounts are being used by cryptocurrency miners for computationally intensive mining. The search giant's cybersecurity team provided details of the breaches in a report named ‘Threat Horizons’, which was published on Wednesday. The purpose of the report is to provide intelligence that can assist organizations in keeping their cloud environments as safe and secure as possible. According to an executive summary of the report, Google said that it observed malicious actors using compromised cloud accounts for the purpose of crypto mining.
Crypto mining is an activity that is carried out for profit and it often needs large amounts of computing power. This power can be accessed by Google Cloud customers for a price. A remote storage platform, Google Cloud is used by customers for keeping their files and data off-site. According to Google, out of the 50 Google Cloud accounts that were compromised recently, at least 86% were used for performing crypto mining. Google further disclosed that in most of the breaches that occurred, it had taken just 22 seconds for crypto mining software to be downloaded after the account was hacked.
Moreover, 10% of the hacked accounts were also used for conducting scans of other resources that are publicly available over the internet in order to identify any vulnerable systems. Likewise, 8% of the compromised accounts were also used for attacking other potential targets. The most popular cryptocurrency in the world, Bitcoin, has received a lot of criticism for being energy-intensive. A significant amount of energy is used for Bitcoin mining, at times even more than what entire countries use. A suspected cannabis farm was raided by the police back in May, only for them to discover that it was actually an illegal Bitcoin mine.
In a blog post, Google Cloud’s security editor, Seth Rosenblatt, and the director of the office of Google Cloud’s chief information security officer, Bob Mechler, said that the cloud threat landscape in 2021 is a lot more complex than just rogue crypto miners. They revealed that researchers at Google had also exposed a phishing attack made at the end of September by APT28/Fancy Bear, a Russian group. Fortunately, the attack was blocked by Google. A threat group backed by the North Korean government was also identified by Google researchers. Its members had posed as Samsung recruiters to send malicious attachments to employees of a number of South Korean anti-malware cybersecurity companies.
With the popularity of crypto mining, these problems do not really come as a surprise. With China imposing a ban on crypto mining this year, it is likely that there may be an increase in such activities. This is because the country was responsible for 50% of global crypto mining, and miners are now forced to look for alternatives that are not easy to find. Many countries have already begun to take notice of crypto mining due to its power consumption, and this could be a problem in the future.