Cryptocurrency miners are now hacking accounts of Cloud users

Google has warned that cyber criminals are now hacking Google cloud accounts to mine cryptocurrency. The company’s cybersecurity action team highlighted the details of the hack in Google’s first threat horizon report.

The report said that 86 per cent of the compromised Google Cloud instances were used to perform cryptocurrency mining, a cloud resource-intensive for-profit activity, adding that in the majority of cases, the cryptocurrency mining software was downloaded within 22 seconds of the account being compromised, reports The Indian Express.

Google’s cloud service is the one of the most popular remote storage system, where the tech giant stores customers’ data and files in a remote server—which is technically capable of being used for crypto mining. Cryptocurrency mining requires high-powered computers, that are competing to solve complex mathematical puzzles, in a process that makes intensive use of computing power and electricity.

Interestingly, Google noted that of 50 per cent hacks of its cloud computing service, more than 80 per cent were used to perform cryptocurrency mining.

Cloud customers continue to face a variety of threats across applications and infrastructure, and many successful attacks are “due to poor hygiene and a lack of basic control implementation,” Google said in its blog post.

Additionally, 10 per cent of compromised Cloud instances were used to conduct scans of other publicly available resources on the internet to identify vulnerable systems, and 8 per cent of instances were used to attack other targets. “While data theft did not appear to be the objective of these compromises, it remains a risk associated with the cloud asset compromises as bad actors start performing multiple forms of abuse,” Google added.

The tech giant has recommended its cloud customers to improve their security by enabling two-factor authentication—it is an extra layer of protection used to ensure the security of online accounts beyond just a username and password.

Meanwhile, Google in the report added that the Russian government-backed hacking group APT28, also known as Fancy Bear, attacked as many as 12,000 Gmail accounts in a mass phishing attempt, tricking users into handing over their login details.

The attackers attempted to lure account holders sending out emails that read: “We believe that government-backed attackers may be trying to trick you to get your account password.”

However, Google said that it identified the attack and has blocked all the phishing emails, which were designed to attack UK, US and Indian users— and by far no users’ details have been compromised.