In a report aimed at assessing threats to cloud users, the Google Cybersecurity Action Team stated that some attackers are using “poorly configured” accounts to mine cryptocurrency.
The Google team said Wednesday that of the 50 analyzed incidents that led to compromises of Google Cloud, 86% were related to cryptocurrency mining. Hackers used compromised cloud accounts to access CPU or GPU resources in order to mine tokens, or to take advantage of storage space when mining coins on the Chia network.
However, the Google team reported that many of the attacks were not limited to a single malicious act such as cryptomining, but were also used to carry out other hacks and to identify other vulnerable systems. According to the Cybersecurity Action Team, threat actors typically gained access to cloud accounts as a result of “poor customer security practices” or “compromised third-party software.”
“While data theft was not the goal of these trade-offs, there is still a risk of compromising cloud assets as attackers begin to commit various forms of abuse,” said the Cybersecurity Action Team. Internet-facing public cloud instances were open to scanning and brute-force attacks.
The attacks were also fast. According to Google's analysis, in most of the incidents analyzed, the hackers were able to download cryptocurrency mining software to the compromised accounts within 22 seconds. Google suggested that “the first attacks and subsequent downloads were scripted events that did not require human intervention,” and said it was nearly impossible to intervene manually to stop such events once they began.
Attacking the cloud accounts of many users in order to gain access to additional computing power is not a new way to mine cryptocurrency illegally. “Cryptojacking,” as many in the space call it, has been behind several high-profile incidents, including the 2019 Capital One hack, in which credit card users’ servers were allegedly used to mine cryptocurrency. However, browser-based cryptojacking, as well as cryptocurrency mining that starts after a user downloads a fake app, is still a problem for many users.