Revealed: 86% of hacked Google Cloud accounts used for illegal crypto mining

A new cyber security report by Google has revealed that most compromised Google Cloud accounts are used for cryptocurrency mining. 

The report, dubbed Threat Horizons [PDF], indicated that 86% of the hacked accounts were used for crypto mining, which the search giant described as a cloud resource-intensive, for-profit activity.

Google added that almost 10% of the compromised accounts were used to conduct scans of other publicly available internet resources to identify vulnerable systems. Elsewhere, another 8% of the hacked accounts were leveraged to attack other targets.

The report also noted that most of the successful mining attacks are due to poor user passwords and a failure to implement basic controls. Google added that the cloud platform is also increasingly witnessing phishing campaigns and ransomware.

Instances of compromised Google Cloud accounts. Totals do not add up to 100% because some compromised instances performed multiple malicious activities. Source: Google

“Attackers also continue to exploit poorly configured Cloud instances to obtain profit through cryptocurrency mining and traffic pumping. The universe of ransomware also continues to expand with the discovery of some new ransomware that appears to be offshoots of existing malware with mixed capabilities,” Google said. 

Interestingly, in 58% of the breaches, cryptocurrency mining software was downloaded within 22 seconds of the account being compromised.

Additionally, Google said that the hackers did not appear interested in stealing victims’ data, but compromising the accounts remains a significant risk.

Threat from Russian hackers

At the same time, Google added that Russian government-backed hacking group APT28, also known as Fancy Bear, attacked about 12,000 Gmail accounts in a mass phishing attempt, tricking users into handing over their login details.

Google also revealed that another hacking campaign involved a North Korea-backed hacker group posing as recruiters at Samsung and sending fake job opportunities to employees of South Korean information security firms.

The report urged users to improve their security by enabling two-factor authentication, an extra layer of security on top of the generic username and password, and by signing up to its Work Safer security program.

