Cyberhackers use compromised cloud accounts to mine cryptocurrency, Google warned.
Details of the mining hack are contained in a report from Google’s Cyber Security Action Team, which spots hacking threats against its cloud service – a remote storage system where Google stores customer data and files off-site – and gives advice on how to combat them.
Other threats identified by the team in its first “Threat Horizon” report include: Russian state hackers who attempt to obtain user passwords by warning them that they have been targeted by government-backed attackers; North Korean hackers posing as Samsung recruiters; and the use of heavy encryption in ransomware attacks.
“Mining” is the name of the process by which blockchains such as those underlying cryptocurrencies are regulated and verified, and it requires a significant amount of computing power. Google reported that out of 50 recent hacks of its cloud computing service, more than 80% were used to perform cryptocurrency mining.
The report states that “86% of compromised Google Cloud instances were used to perform cryptocurrency mining, a for-profit activity that consumes cloud resources,” adding that in the majority of cases, cryptocurrency mining software was downloaded within 22 seconds of being compromised. Google said that in three-quarters of cloud hacks, attackers took advantage of poor client security or vulnerable third-party software.
Google’s recommendations to its cloud customers to improve their security include two-factor authentication – an additional layer of security in addition to a generic username and password – and enrollment in the company’s work safety program.
Elsewhere in the report, Google said that Russian government-backed hacking group APT28, also known as Fancy Bear, targeted 12,000 Gmail accounts in a massive phishing attempt, where users were tricked into handing over their login information. Attackers attempted to trick account holders into providing their details via an email that read: “We believe government-backed attackers may try to trick you into obtaining your account password.” Google said it blocked all phishing emails in the attack – which focused on the UK, US and India – and that no user details were compromised.
Another hacking trick described in the report involved a North Korean-backed group of hackers posing as recruiters at Samsung and sending bogus job offers to employees of South Korean information security companies. The victims were then directed to a malicious link to malware stored in Google Drive, which is now blocked.
Google said dealing with ransomware attacks, where files and data on a user’s computer are encrypted by the attacker until a payment is made for their release, was difficult because heavy encryption “makes file recovery almost impossible without paying for the decryption tool.” The report signals the emergence of Black Matter, which it describes as a “formidable family of ransomware”.
However, earlier this month, Black Matter announced it was shutting down due to “pressure from the authorities.” Black Matter victims include Japanese tech group Olympus.
The Google report said: “Google has received information that the Black Matter ransomware group has announced it will shut down operations due to outside pressure. Until this is confirmed, Black Matter still poses a risk.”