October 1, 2022

A report released this week by Google indicates that a majority of recently attacked accounts on its Google Cloud Platform service were used to mine cryptocurrency.

Source: Digital Vision

The Threat Horizons report for November stated that “[m]alicious actors were observed performing cryptocurrency mining within compromised Cloud instances.”

“Of 50 recently compromised GCP instances, 86% of the compromised Google Cloud instances were used to perform cryptocurrency mining, a cloud resource-intensive for-profit activity, which typically consumed CPU/GPU resources, or in cases of Chia mining, storage space,” the report went on to say.

Source: Finbold

As for the modes of attack, Google contended that the majority of cases involved “poor” practices on the part of Cloud users or third-party applications that introduced vulnerabilities.

“As shown in Table 2, 48% of compromised instances were attributed to actors gaining access to the Internet-facing Cloud instance, which had either no password or a weak password for user accounts or API connections,” Google said. “As a result, these Google Cloud instances could be easily scanned and brute forced. 26% of compromised instances were attributed to vulnerabilities in third-party software, which was installed by the owner.”

Source: CTG

The report doesn’t indicate over what timeline those Google Cloud instances were attacked; however, it does provide a window into the extent to which digital workspaces continue to be a target for would-be malicious miners.