Attackers have been seen using phishing campaigns to steal credentials and dropping miners within seconds to start their mining operations. Although Google blocked all the phishing links and malware content hosted in its cloud, it is advising users to follow better security practices.
Mining in Google Cloud
Google Cloud is an online storage service for securely storing customer data and files. It runs as remote instances in Google's data centers, which use high-performance hardware to store data and process requests. Such a setup is highly attractive for activities like cryptocurrency mining, so threat actors have been seen breaking into Google Cloud through stolen Google accounts to mine cryptocurrencies.

According to Google's "Threat Horizon" report, cybercriminals are using phishing campaigns to steal the Google account credentials of people around the world. More specifically, Google spotted Russia's APT group Fancy Bear using scare tactics, such as asking users to secure their account from a state-backed hacker by logging into a phishing site with their real credentials. In addition, North Korean hackers were offering fake job opportunities to information security professionals in South Korea. All of this was meant to push unsuspecting Google users into handing over their credentials, which the attackers then used to access the victims' Cloud service and mine coins on Google's high-performance hardware in remote locations.

Google said that in 86% of recent attacks on its cloud computing service, a cryptocurrency miner was downloaded within 22 seconds. That is how quickly the attackers moved to exploit Google's hardware for their resource-intensive mining work. Google attributed this to poor account security management. It therefore recommends that users enable two-factor authentication on top of ordinary username/password security and follow their company's security programs to thwart cyberattacks.