213

Revealed: 86% of hacked Google Cloud accounts used for illegal crypto mining

Revealed: 86% of hacked Google Cloud accounts used for illegal crypto mining
Justinas
Baltrusaitis
9 months ago
2 mins read

A new cyber security report by Google has revealed that most compromised Google Cloud accounts are used for cryptocurrency mining. 

The report dubbed Threat Horizons indicated [PDF] that 86% of the hacked accounts were deployed for crypto mining, with the search giant terming the activity as cloud resource-intensive for-profit. 

Google added that almost 10% of the compromised accounts were used to conduct scans of other publicly available internet resources to identify vulnerable systems. Elsewhere, another 8% of the hacked accounts were leveraged to attack other targets.

The report also noted that most of the successful attacks for mining are due to poor passwords by users and a lack of basic control implementation. Google added that the cloud platform is also increasingly witnessing phishing campaigns and ransomware. 

Instances of compromised Google Cloud accounts. Totals do not add up to 100% because some compromised instances performed multiple malicious activities. Source: Google

“Attackers also continue to exploit poorly configured Cloud instances to obtain profit through cryptocurrency mining and traffic pumping. The universe of ransomware also continues to expand with the discovery of some new ransomware that appears to be offshoots of existing malware with mixed capabilities,” Google said. 

Interestingly, 58% of cryptocurrency mining software breaches were downloaded within 22 seconds of the account being compromised. 

Additionally, Google said that the hackers did not appear interested in stealing victims’ data, but compromising the accounts remains a significant risk.

Threat from Russian hackers

At the same time, Google added that Russian government-backed hacking group APT28, also known as Fancy Bear, attacked about 12,000 Gmail accounts in a mass phishing attempt, tricking users into handing over their login details.

Google also revealed that another hacking involved a North Korea-backed hacker group posing as recruiters at Samsung and sending fake job opportunities to South Korean information security firms employees.  

The report urged users to improve their security by incorporating two-factor authentication – an extra layer of security on top of the generic username and password alongside signing up to its work safer security program.

What we like:

Highly credible broker

Perfect for beginners

Protected by insurance

80+ cryptocurrencies to invest

Latest News

Join us on Twitter or Telegram

Or follow us on Flipboard Flipboard

Like the article? Vote up or share on your social media

Recommended content

Weekly Finance Digest

By subscribing you agree with Finbold T&C’s

Justinas Baltrusaitis
Author

Justin crafts insightful data-driven stories on finance, banking, and digital assets. His reports were cited by many influential outlets globally like Forbes, Financial Times, CNBC, Bloomberg, Business Insider, Nasdaq.com, Investing.com, Reuters, among others.

AD