Google Warns Users About Malicious Actors Using Cloud for Cryptocurrency Mining – Bitcoin News

Google has warned users about the use of its Google Cloud platform by malicious actors to mine cryptocurrencies. In its latest Cloud Threat Intelligence report titled “Threat Horizons,” which provides users with security insights, the company said that 86% of compromised instances on Google Cloud platforms were used to mine cryptocurrencies. Most of the compromised accounts were secured with weak passwords or no password.

Google Cloud for cryptocurrency mining

Software giant Google is warning users about malicious actors using compromised Google Cloud accounts to mine cryptocurrency. Google Cloud accounts have access to computing power that can easily be redirected to perform malicious tasks. After the first “Threat Horizons” Test report, issued by Google to draw attention to security vulnerabilities in its platform, 86% of compromised accounts are used for this purpose.

The report states that mining cryptocurrencies in the cloud results in high usage of CPU and/or GPU performance. It also refers to the mining of alternative cryptocurrencies such as Chia, which use disk space as a mining resource.

Causes and remedies

The first cause of the compromise of the examined Google Cloud instances was the lack of security due to various issues. One of these issues was a weak or non-existent password to access the platform or a lack of API validation in the instance. Without basic security measures, a malicious actor can easily take hold of these platforms. Other cloud platforms are also just around the corner similar problems.

Most of the examined instances downloaded cryptocurrency mining software in less than 22 seconds after being compromised. This shows that there are systematic attacks on these unsecured entities with the sole intention of using them for this purpose. Additionally, the malicious actors appear to be actively pursuing these unsecured Google instances, as 40% of unsecured instances were compromised within eight hours of deployment. Google explained:

This suggests that the public IP address space is routinely scanned for vulnerable cloud instances. What matters is not whether a vulnerable cloud instance is detected, but when.

To mitigate these risks, the report recommends users follow basic security best practices and implement container analysis and web scanning, tools that examine the system for security weaknesses using various techniques such as crawling.

What do you think about malicious actors using Google Instances to mine cryptocurrency? Tell us in the comments section below.

Photo credits: Shutterstock, Pixabay, Wiki Commons