Crypto Mining Hackers vs. Cloud Computing—Google States the Obvious

Google’s new Cybersecurity Action Team (CAT) would like you to know that insecure cloud instances can be hijacked by hackers. And the #1 workload they use to steal your CPU time is cryptocurrency mining.

Stop the press. Did we really need to be told that? Seems pretty obvious. It’s hardly the first time we’ve heard about thieves creating imaginary money with stolen IaaS compute resources.

But let’s look closer. In today’s SB Blogwatch, we see if there’s a “there” there.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Seltsame Fakten zu Deutschland.


What’s the craic? Simon Sharwood says—“Google advises passwords are good, spear phishing is bad, and free clouds get attacked”:

Authentication and security are good ideas
The report advises that analysis of 50 recently hijacked Google Cloud instances revealed 86 percent were put to work mining cryptocurrency. Crims got in because, in 48 percent of cases, operators didn’t have a password, had a weak password, or didn’t bother authenticating APIs.

Thanks, Google! We’re not sure [we] could have figured out that authentication and security are good ideas. … Perhaps future reports, which are promised to offer “Early Warning announcements about emerging threats requiring immediate action” will prove a little more exciting.

Is that snark entirely fair? Scott Chipolina clears away the turkey—“Hackers Are Breaking into Cloud Accounts to Mine Crypto”:

Obtaining profit
A Google Threat Horizon Report … published by the Google Cybersecurity Action Team … has raised concerns over hacked cloud accounts being used to mine cryptocurrency. … According to the report, the two common goals behind this activity involve “obtaining profit” and “traffic pumping.”

O RLY? Dan Milmo adds leftover cranberries—“Cryptocurrency miners using hacked cloud accounts, Google warns”:

Poor customer security
“Mining” is the name for the process by which blockchains such as those that underpin cryptocurrencies are regulated and verified, and requires a significant amount of computing power. … In the majority of cases the…