Security News > 2021 > November > Hackers Using Compromised Google Cloud Accounts to Mine Cryptocurrency

Threat actors are exploiting improperly-secured Google Cloud Platform instances to download cryptocurrency mining software to the compromised systems as well as abusing its infrastructure to install ransomware, stage phishing campaigns, and even generate traffic to YouTube videos for view count manipulation.

"While cloud customers continue to face a variety of threats across applications and infrastructure, many successful attacks are due to poor hygiene and a lack of basic control implementation," Google's Cybersecurity Action Team outlined as part of its recent Threat Horizons report published last week.

Of the 50 recently compromised GCP instances, 86% of them were used to conduct cryptocurrency mining, in some cases within 22 seconds of successful breach, while 10% of the instances were exploited to perform scans of other publicly accessible hosts on the Internet to identify vulnerable systems, and 8% of the instances were used to strike other entities.

In most cases, the unauthorized access was attributed to the use of weak or no passwords for user accounts or API connections, vulnerabilities in third-party software installed on the cloud instances, and leakage of credentials in GitHub projects.

Google CAT said it observed adversaries abusing free Cloud credits by using trial projects and posing as fake startups to engage in traffic pumping to YouTube.

"While cloud-hosted resources streamline workforce operations, bad actors can try to take advantage of the ubiquitous nature of the cloud to compromise cloud resources. Despite growing public attention to cybersecurity, spear-phishing and social engineering tactics are frequently successful."

News URL

https://thehackernews.com/2021/11/hackers-using-compromised-google-cloud.html