Google’s cybersecurity team claims that cryptocurrency mining abuse is making Google Cloud accounts more vulnerable to hacking. The information was shared in a new report titled ‘Threat Horizons’ by Google‘s Cybersecurity Action Team this month. The report notes that Google Cloud users are also vulnerable to phishing attempts by a Russian group that also targeted Yahoo mail users. Other threats come from North Korean hackers who impersonate employment recruiters and promise jobs at Samsung. There’s also Black Matter ransomware affecting the system but the company notes it does not “exfiltrate data."
Google says the new report is based on threat intelligence observation from TAG (threat analysis group) and other internal teams. The report highlights, “It [threat analysis] provides actionable intelligence that enables organisations to ensure their cloud environments are best protected against ever-evolving threats. In this and future threat intelligence reports, Google will provide threat horizon scanning, trend tracking, and Early Warning announcements about emerging threats requiring immediate action." However, it is important to note that users’ cloud could be vulnerable due user-side misconfiguration issues, weak security practices or vulnerable third-party software.
Speaking on compromised Google Cloud accounts, 86 percent of instances are comprised of cryptocurrency mining. Additionally, 10 percent of compromised Cloud instances were used to conduct scans of other publicly available resources on the internet to identify vulnerable systems, and 8 percent of instances were used to attack other targets. Google notes that data theft did not appear to be the immediate objective of these compromises, vulnerable accounts are prone to multiple forms of abuse.
The report lists out some of the most common practices to mitigate online threats. Starting with the simplest solution, Google Cloud customers should employ two-factor authentication and not use common passwords across platforms. For organisations, the report adds that customers can enrol in the Advanced Protection Programme and use Google’s Work Safer that provides companies with access to additional security tools for email, meetings, messages, documents, and more.