A report released this week by Google indicates that a majority of recently attacked accounts on its Google Cloud Platform service were used to mine cryptocurrency.
The Threat Horizons report for November stated that “[m]alicious actors were observed performing cryptocurrency mining within compromised Cloud instances.”
“Of 50 recently compromised GCP instances, 86% of the compromised Google Cloud instances were used to perform cryptocurrency mining, a cloud resource-intensive for-profit activity, which typically consumed CPU/GPU resources, or in cases of Chia mining, storage space,” the report went on to say.
As for the modes of attack, Google contended that the majority of cases involved “poor” practices on the part of Cloud users or third-party applications that introduced vulnerabilities.
“As shown in Table 2, 48% of compromised instances were attributed to actors gaining access to the Internet-facing Cloud instance, which had either no password or a weak password for user accounts or API connections,” Google said. “As a result, these Google Cloud instances could be easily scanned and brute forced. 26% of compromised instances were attributed to vulnerabilities in third-party software, which was installed by the owner.”
The report doesn’t indicate over what timeline those Google Cloud instances were attacked; however, the report does provide a window into the extent that digital workspaces continue to be a target for would-be malicious miners.