Google warned in a report this week about malicious attacks led by hackers who compromise Google accounts to carry out mining activities.
Hackers are compromising accounts on Google's cloud storage service, Google Cloud, to mine digital currencies. Google's cybersecurity team warned about these attacks in a report published this week.
Called Threat Horizons, the report comes from an investigation that sought to assess the threats to which users of the first Google services could be exposed, and it provides a detailed look at the malicious activities hackers carried out from compromised accounts.
Among the findings, the investigation discovered that most Google Cloud profiles would become a tool for hackers to mine cryptocurrencies.
Hackers used compromised cloud accounts to access people’s CPU or GPU resources to mine tokens or take advantage of storage space when mining coins on the Chia network.
Hackers Installed Crypto Mining Viruses In 20 Seconds
The report also drew attention to the speed of these attacks. For most breaches, the cryptocurrency mining software was downloaded within 22 seconds of the account breach.
In this regard, the team suggested that the initial attacks and subsequent downloads were events that did not require human intervention and said it would be almost impossible to intervene manually to stop such incidents once they started.
According to the cybersecurity team, cyber attackers managed to gain access to cloud accounts because of the poor customer security practices implemented on said accounts. However, the report highlighted that the attacks’ goals were to carry out mining activities and other malicious activities.
The hacking of Google Cloud accounts also served as a starting point for other attacks. The report found that 10% of the compromised accounts were used to scan other publicly available resources on the Internet to identify vulnerable systems. Meanwhile, 8% of the instances served to attack other targets. In some cases, multiple malicious activities were carried out from the same compromised account.
Google Reveals Other Attacks
To reduce the vulnerability of the accounts, Google made a series of recommendations to the users of its cloud service to improve their security measures. Among them, it suggested applying two-factor authentication, changing passwords to more robust ones, and signing up for the company’s job security program.
Beyond crypto-mining attacks targeting Google Cloud, the report also highlighted other eye-catching security threats. The search giant stated that the hacker group APT28, allegedly supported by the Russian government, targeted 12,000 Gmail accounts in a massive phishing attempt.
The hackers, also known as Fancy Bear, tried to convince email account holders to hand over their details via email. Google claimed that it had blocked all phishing emails in the attack, which targeted the UK, US, and India, and that user data did not suffer further compromise.
The report also revealed another attack involving North Korean hackers posing as Samsung recruiters. The attackers sent bogus job opportunities to members of security companies in South Korea and then directed the victims to a malware link stored on Google Drive.
By: Jenson Nuñez