Google Cloud has shared that malicious actors recently compromised 50 Google Cloud Platform (GCP) instances, a majority (86%) of which were used for cryptocurrency mining.
Interestingly, Google notes that an analysis of the compromised cloud instances that were used for illicit mining revealed that in 58% of situations the cryptocurrency mining software was downloaded to the system within 22 seconds of being compromised.
“This suggests that the initial attacks and subsequent downloads were scripted events not requiring human intervention. The ability to manually intervene in these situations to prevent exploitation is nearly impossible. The best defense would be to not deploy a vulnerable system or have automated response mechanisms,” shares Google Cloud.
Given that most of the compromised instances were used for cryptocurrency mining rather than exfiltration of data, Google analysts believe that the attackers scanned a range of Google Cloud IP addresses, rather than targeting particular customers.
GCP attacks
The details are part of the first issue of the Threat Horizons report, produced after collating intel from the Google Threat Analysis Group (TAG), Google Cloud Security and Trust Center, and several other internal teams at Google.
The search engine giant claims the objective of the report is to provide actionable intelligence to help organizations ensure that their cloud environments remain protected against ever-evolving threats.
In addition to cryptomining, the report also revealed that 10% of the compromised Cloud instances were used to conduct scans of other publicly available resources on the Internet in order to identify vulnerable systems, and 8% of instances were used to attack other targets.