Google’s Cybersecurity Action Team has released a report detailing hacking threats to its cloud service. The report, called Threat Horizons, is the first such report to be released by the team.
Compromised Google Cloud Accounts Used To Mine Crypto
The report stated that 85% of compromised Google Cloud accounts were used for crypto mining on Google Cloud resources. According to the report, most of the compromised accounts had crypto mining software downloaded onto them within 22 seconds of being compromised. The team said that the hackers had taken advantage of poor security measures and vulnerabilities in third-party software to compromise the accounts.
To avoid such cases, the team recommended that cloud customers improve their security measures, such as by using two-factor authentication. Further layers of security would be using a complex password and signing up to Google’s Work Safer security program.
The report also highlighted the rise of ransomware attacks. In these attacks, files and data on a computer are encrypted and the victim is asked to pay a ransom, usually in crypto. The heavy encryption used to lock the files means victims can’t access their files without paying for the decryption. According to the report, one of the main ransomware strains used belonged to the Black Matter family, which is an offspring of Dark Side ransomware. It is capable of encrypting large amounts of data in a relatively short period. Past victims of Black Matter include Olympus, a Japanese tech giant.
The Threat Horizons report stated that Google had seen reports which claim Black Matter was shutting down. Pressure from government agencies had forced them to make this decision. However, until this was confirmed, Google stated that Black Matter still poses a risk.
The report also highlighted other threats. They include Russian state hackers who had attempted to obtain users’ passwords by warning them that they had been targeted by government-backed hackers. North Korean hackers were also highlighted. These hackers posed as job recruiters for Samsung and used that to facilitate heavy-encryption ransomware attacks.
The report noted that a government-backed hacking group from Russia called APT28, also known as Fancy Bear, had targeted 12,000 Gmail accounts in a mass phishing hack. Users were tricked into handing over their details during the hack. According to the report, Google had blocked all phishing emails involved in the attack, which targeted UK, US, and Indian accounts. The report stated that no accounts had been compromised in the attack.
The report stated that Google’s Threat Analysis Group (TAG) had observed hackers abusing Google Cloud resources to generate traffic for YouTube view count manipulation. Upon detection, the hackers switched to Qwiklab projects. However, the Cloud abuse team quickly dealt with the offensive.
The report could prove quite useful to organizations that use Google Cloud services. In the future, it could ensure that taking a few basic security measures, like two-factor authentication, helps to reduce instances of crypto-jacking. The problem has been around for a while now, and companies have been responding to the threat effectively.