Google’s Cybersecurity Action Team has released a report, ‘Threat Horizons’, that analyses the global cybersecurity threat landscape. The report covers cloud computing and the issues of cryptocurrency mining abuse, phishing campaigns, and ransomware.
The Threat Horizons report warns of the threats against Google’s cloud service and provides advice on how best to tackle them. The report cites cryptocurrency mining as the reason for over 80% of the cloud hacks.
“Malicious actors were observed performing cryptocurrency mining within compromised Cloud instances. Of 50 recently compromised GCP instances, 86% of the compromised Google Cloud instances were used to perform cryptocurrency mining, a cloud resource-intensive for-profit activity, which typically consumed CPU/GPU resources, or in cases of Chia mining, storage space,” the report noted.
While the report cites the strong incidence of attacks centred on crypto-mining, it also notes a number of other threats, including Russian state hackers, North Korean hackers posing as Samsung job recruiters, and Black Matter ransomware attacks:
“The cloud threat landscape in 2021 was more complex than just rogue cryptocurrency miners, of course. Google researchers from TAG exposed a credential phishing attack by Russian government-supported APT28/Fancy Bear at the end of September that Google successfully blocked; a North Korean government-backed threat group which posed as Samsung recruiters to send malicious attachments to employees at several South Korean anti-malware cybersecurity companies; and detected customer installations infected with Black Matter ransomware”
According to the report, malicious actors gained access to Google Cloud largely due to poor customer security practices or vulnerable third-party software, which accounted for 75% of cases. While the ransomware group Black Matter has reportedly shut down its operations, Google noted that until this is confirmed, the group still poses a risk. The recommendations outlined in the report include adding two-factor authentication, as well as signing up to Google’s ‘Work Safer’ programme.
As ransomware groups and other cyber-criminals increasingly make use of cryptocurrency payment platforms, governments and regulatory bodies are attempting to crack down on this area of cyber crime. Czech crypto exchange SUEX was sanctioned this September for its role in allegedly facilitating ransomware attacks from at least 8 ransomware variants.