Google Cloud instances compromised in illicit cryptomining attacks

Virtually all attacks are scripted and can only be defended against with automated response mechanisms

Google Cloud has shared that malicious actors had recently compromised 50 Google Cloud Platform (GCP) instances, a majority (86%) of which were used for cryptocurrency mining.

Interestingly, Google notes that an analysis of the compromised cloud instances that were used for illicit mining revealed that in 58% of situations the cryptocurrency mining software was downloaded to the system within 22 seconds of being compromised.

“This suggests that the initial attacks and subsequent downloads were scripted events not requiring human intervention. The ability to manually intervene in these situations to prevent exploitation is nearly impossible. The best defense would be to not deploy a vulnerable system or have automated response mechanisms,” shares Google Cloud.

Given that most of the compromised instances were used for cryptocurrency mining rather than exfiltration of data, Google analysts surmise that the attackers scanned a range of Google Cloud IP addresses, rather than targeting particular customers.

GCP attacks

The details are part of the first issue of the Threat Horizons report, produced after collating intel from the Google Threat Analysis Group (TAG), Google Cloud Security and Trust Center, and several other internal teams at Google.

The search engine giant claims the objective of the report is to provide actionable intelligence to help organizations ensure that their cloud environments remain protected against ever-evolving threats.

In addition to cryptomining, the report also revealed that 10% of the compromised Cloud instances were used to conduct scans of other publicly available resources on the Internet in order to identify vulnerable systems, and 8% of instances were used to attack other targets.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
