Posts

Crypto Mining Hackers vs. Cloud Computing—Google States the Obvious


Google’s new Cybersecurity Action Team (CAT) would like you to know that insecure cloud instances can be hijacked by hackers. And the #1 workload they use to steal your CPU time is cryptocurrency mining.

Stop the press. Did we really need to be told that? Seems pretty obvious. It’s hardly the first time we’ve heard about thieves creating imaginary money with stolen IaaS compute resources.

But let’s look closer. In today’s SB Blogwatch, we see if there’s a “there” there.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Seltsame Fakten zu Deutschland.

GCP CAT Fluff

What’s the craic? Simon Sharwood says—“Google advises passwords are good, spear phishing is bad, and free clouds get attacked”:

Authentication and security are good ideas
The report advises that analysis of 50 recently hijacked Google Cloud instances revealed 86 percent were put to work mining cryptocurrency. Crims got in because, in 48 percent of cases, operators didn’t have a password, had a weak password, or didn’t bother authenticating APIs.

Thanks, Google! We’re not sure [we] could have figured out that authentication and security are good ideas. … Perhaps future reports, which are promised to offer “Early Warning announcements about emerging threats requiring immediate action” will prove a little more exciting.

Is that snark entirely fair? Scott Chipolina clears away the turkey—“Hackers Are Breaking into Cloud Accounts to Mine Crypto”:

Obtaining profit
A Google Threat Horizon Report … published by the Google Cybersecurity Action Team … has raised concerns over hacked cloud accounts being used to mine cryptocurrency. … According to the report, the two common goals behind this activity involve “obtaining profit” and “traffic pumping.”

O RLY? Dan Milmo adds leftover cranberries—“Cryptocurrency miners using hacked cloud accounts, Google warns”:

Poor customer security
“Mining” is the name for the process by which blockchains such as those that underpin cryptocurrencies are regulated and verified, and requires a significant amount of computing power. … In the majority of cases the…

Source…

Google warns cryptocurrency miners are hacking cloud accounts, suggests ways to counter cyber threat




The biggest threat plaguing cyberspace though, is one that’s trying to make the most out of today’s big buzzword, aka cryptocurrency. (Reuters Image)


© Provided by The Financial Express
The biggest threat plaguing cyberspace though, is one that’s trying to make the most out of today’s big buzzword, aka cryptocurrency. (Reuters Image)

Global search engine giant Google has revealed that hackers are increasingly targeting compromised cloud accounts to mine cryptocurrency. The revelation is part of a new report from Google’s in-house cybersecurity action team.

Google’s cybersecurity team, which spots cyber threats and gives advice on how to tackle them, has come out with a report called “threat horizon” that sheds light on multiple threats currently looming in cyberspace.

As per the report, Russian state hackers have been attempting to dupe users into giving away their passwords on the pretence that they were being targeted by government-backed attackers. In North Korea, hackers have been trying to lure users with fraudulent job offers from big-ticket firms like Samsung.

Crypto miners hacking Google cloud accounts

The biggest threat plaguing cyberspace though, is one that’s trying to make the most out of today’s big buzzword, aka cryptocurrency.

Since “mining” blockchains that underpin cryptocurrencies require a significant amount of computing power and expensive software, 86 per cent of the cloud computing hacks are said to be used to perform cryptocurrency mining.

Democratic countries need to think about creating safe, accountable internet: MoS IT

The cryptocurrency mining software area is downloaded within 22 seconds after the cloud account has been hacked. Cyber-attackers take advantage of vulnerable third-party software and poor customer security to perform the hacks.

Other forms of cyber threat

The Google report says in one instance 12,000 Gmail accounts were targeted by the Russian government-backed hacking group APT28, also known as Fancy Bear, where users were tricked into handing over their user details through email.

Google says the attack was neutralised after all the phishing emails were blocked –’which focused on the UK, the US and India-and no users’ details had been compromised.’

Apple, Google get slapped with EUR 20-Million antitrust fine in Italy over ‘aggressive’ data practices

In another…

Source…

Google warns crypto miners are hacking users’ cloud accounts




text


© Provided by CNBCTV18


The cybersecurity team of Google has released a report claiming that cryptocurrency mining abuse is making Google Cloud accounts vulnerable to hacking.

The report has made startling observations. It alleges that a Russia-based group — APT28/Fancy Bear — launched a Gmail phishing campaign. Google was able to block the attack, said the company.

“Malicious actors were observed performing cryptocurrency mining within compromised Cloud instances,” said the Google report “Threat Horizons”.

Also Read: Most cryptocurrencies will not survive; pose same problem as unregulated chit funds: Raghuram Rajan

Threat Horizons also said North Korean actors impersonated employment recruiters from Samsung to steal credentials. As part of the breach, malicious attachments were sent to employees at several South Korean anti-malware cybersecurity companies.

The cybersecurity team of Google found that 86 percent of the 50 compromised Google Cloud accounts were used for cryptocurrency mining. The cyber researchers also revealed that the cryptocurrency mining software was downloaded within 22 seconds of the account being compromised in a majority of these breaches. This suggests that the initial attacks and subsequent downloads were “scripted events” not requiring human intervention.

An analysis of the breach attempts revealed that about 10 percent of the compromised Google Cloud accounts were used to conduct scans of other publicly available resources on the internet. The Google team also tracked some fraudsters seeking to abuse Cloud resources to generate traffic to YouTube.

Also Read: Satoshi Nakamoto’s Bitcoin holding: Here’s how much it is worth now

“While cloud customers continue to face a variety of threats across applications and infrastructure, many successful attacks are due to poor hygiene and a lack of basic control implementation,” said the report.

The Google team also listed security measures to avoid such breaches. These include using multiple layers of defense to combat theft of credentials and authentication cookies and “hashing authentication” of the code downloaded by clients.

Source…

Cryptocurrency miners are now hacking accounts of Cloud users, Google warns






© Provided by The Indian Express


Google has warned that cyber criminals are now hacking Google cloud accounts to mine cryptocurrency. Details of the hack were highlighted in Google’s first threat horizon report published by the company’s cybersecurity action team.

The report said that 86 percent of the compromised Google Cloud instances were used to perform cryptocurrency mining, a cloud resource-intensive for-profit activity, adding that in the majority of cases, the cryptocurrency mining software was downloaded within 22 seconds of the account being compromised.

Google’s cloud service is the one of the most popular remote storage system, where the tech giant stores customers’ data and files in a remote server—which is technically capable of being used for crypto mining. Cryptocurrency mining requires high-powered computers, that are competing to solve complex mathematical puzzles, in a process that makes intensive use of computing power and electricity.

Read more |Unregulated cryptocurrency fueling ransomware attacks globally: Report

Interestingly, Google noted that of 50 percent hacks of its cloud computing service, more than 80 percent were used to perform cryptocurrency mining.

Cloud customers continue to face a variety of threats across applications and infrastructure, and many successful attacks are “due to poor hygiene and a lack of basic control implementation,” Google said in its blog post.

Additionally, 10 percent of compromised Cloud instances were used to conduct scans of other publicly available resources on the internet to identify vulnerable systems, and 8 percent of instances were used to attack other targets. “While data theft did not appear to be the objective of these compromises, it remains a risk associated with the cloud asset compromises as bad actors start performing multiple forms of abuse,” Google added.

Read more |Regulators don’t have capability to monitor cyber risk in crypto exchanges: Raghuram Rajan

The tech giant has recommended its cloud customers to improve their security by enabling two-factor authentication—it is an extra layer of protection used to ensure the security of online accounts beyond just a username and…

Source…