Google’s latest November 2021 Threat Horizons report shows that a large number of compromised Google Cloud instances are used to mine cryptocurrencies. According to the report, as many as 86% of the 50 Google Cloud instances that have been hacked recently are used for cryptocurrency mining; although hackers can take any cryptocurrency they mine and leave, the victims of the attack have to use this Currency pay.
As for the reason for the intrusion attack, Google stated that 48% of the instances’ user account passwords were weak or had no passwords, or did not have API authentication, 26% of the incidents occurred due to vulnerabilities in third-party software in the cloud instance, and 12% were due to Other problems, another 12% are due to misconfiguration of cloud instances or third-party software, and only 4% of hackers are due to leaked credentials, such as keys published to GitHub.
Join RealMi Central on Telegram, Facebook & Twitter
Google believes that many attacks are scripted and do not require human intervention, because, in 58% of the cases, it noticed that the mining software was downloaded to the instance within 22 seconds of being compromised. It said that it is almost impossible to manually respond to scripts, so users should ensure that their systems are free of loopholes or have automated systems to prevent attacks.
In most cases, the victims are not specifically selected by the hackers. Instead, they scan the Google Cloud IP for any vulnerable systems. Google said that insecure instances can be targeted in as little as 30 minutes, so it is very important to follow best practices.