Google Report: 86% of Hacked Cloud Accounts are Used to Mine Crypto

According to the Threat Horizons report for November released by Google, the majority of recently attacked accounts on the search engine’s Google Cloud Platform (GCP) service are being used to mine cryptocurrencies. Hackers are also accessing cloud accounts to find new targets and to host malware and phishing scams.

86% of Hacked Accounts Used for Illegal Crypto Mining

The report indicates that “malicious actors were observed performing cryptocurrency mining within compromised Cloud instances”. It adds:

“Of 50 recently compromised GCP instances, 86 percent of the compromised Google Cloud instances were used to perform cryptocurrency mining, a cloud resource-intensive for-profit activity, which typically consumed CPU/GPU resources, or in cases of Chia mining, storage space.” The remainder of the hacks included ransomware and phishing scams.

Poor Security Opens the Doors For Scammers

In nearly 75 percent of all cases, malicious actors were able to access the Google Cloud by taking advantage of users’ poor security practices, mostly via customers’ weak passwords or absence thereof. Hackers were also able to gain access through vulnerable third-party software. When hackers used accounts to mine cryptos, mining software was installed within 22 seconds of the attack, leaving manual intervention useless.

The team at Google made recommendations to prevent such attacks, with guidelines including the use of two-factor authentication and implementing Google’s “Work Safer” product.

Scams on the Rise

Due to the unregulated nature of the market, exploits in the digital asset space remain common. Earlier this month, Google issued a “Google Ads Scam Alert” after US$500,000 was stolen using fake crypto wallets. Users of crypto swap platform PancakeSwap and MetaMask and Phantom wallets had been targeted in a phishing scam when hackers stole funds while users tried to install the wallets. Scammers used Google Ads to divert users to fake crypto wallets.

Also in October, Google’s Threat Analysis Group (TAG) had to fend off numerous hackers after they attacked the accounts of various YouTubers, hijacking and repurposing the accounts to run crypto scam ads.