Hackers are using Cloud accounts for crypto mining, according to Google, which has released a detailed report on the issue to warn users.
The report, entitled ‘Threat Horizons’, is written by Google’s cybersecurity team and details how the attackers operate and how users can protect themselves and secure their accounts. The company also warns of a large-scale email phishing attack and of the growing threat of ransomware attacks.
According to the Internet giant, 86 percent of the 50 recently compromised Google Cloud Platform instances were targeted for crypto mining, a cloud resource-intensive, for-profit activity.
“Additionally, 10% of compromised Cloud instances were used to conduct scans of other publicly available resources on the Internet to identify vulnerable systems, and 8% of instances were used to attack other targets. While data theft did not appear to be the objective of these compromises, it remains a risk associated with the cloud asset compromises as bad actors start performing multiple forms of abuse,” the report stated.
Google’s team adds that, in most cases, the malicious software was downloaded within 22 seconds of the account being hacked, and points out that the initial attacks are ‘scripted events’ that need no human intervention.
To protect its Cloud customers, Google suggests that users enable two-factor authentication, which provides an extra layer of security on top of the password. Google also recommends using the services from the company’s Work Safer security program.
“Use multiple layers of defense to combat credential and cookie theft. Cloud-hosted resources have the benefit of high availability and ‘anywhere, anytime’ access. While cloud-hosted resources streamline workforce operations, bad actors can try to take advantage of the ubiquitous nature of the cloud to compromise cloud resources. Despite growing public attention to cybersecurity, spear-phishing and social engineering tactics are frequently successful. As for other forms of IT security, defensive measures need to be robust and layered to protect cloud resources due to ubiquitous access,” Google’s report stated.
“In addition to enabling 2-Step Verification on accounts used to access Cloud resources, administrators should strengthen their environment through Context-Aware Access and solutions such as BeyondCorp Enterprise and Work Safer, which enables better cybersecurity.”
Gmail phishing attack
Additionally, Google’s Threat Analysis Group (TAG) states that a group launched a large-scale Gmail ‘phishing campaign’ at the end of September, targeting more than 12,000 accounts. Google points out that its cybersecurity experts managed to block the attack.
Cybercriminals usually send scam emails that warn users that their accounts have been targeted by government-backed attackers and ask them to change their passwords. “The attackers were using patterns similar to TAG’s government-backed attack alerts to lure users to change their credentials on the attacker’s phishing page. Google blocked these messages, and no users were compromised,” said Google.
In the same report, Google stresses the spreading threat of ransomware attacks. “Black Matter is one of many ransomware families currently being used to extort money from victims by locking their files using encryption; however, the ransomware does not transfer files off-network as its ransom note claims. While the Black Matter group is a relatively new player in this space, evidence suggests it is the immediate offspring of DarkSide. Black Matter is capable of encrypting files on a victim’s hard drive and network shares in a relatively short period by distributing the workload across multiple threads,” the Threat Horizons Report highlighted.