According to a recent survey of Google Cloud threats, virtually every recently hacked Google Cloud environment is being exploited for cryptomining.
The Google Cybersecurity Action Team (GCAT) came into being in October 2021. The branch is primarily concerned with security consulting for Google Cloud customers and research into the Google Cloud threat landscape. The latter is reflected for the first time with a research report: Threat Horizons. GCAT investigated Google Cloud’s threat landscape to provide insight to users of the service.
The study reveals a series of interesting facts. 86 percent of the 50 most recently hacked Google Cloud environments were exploited for cryptomining. In these cases, a hacker obtains administrator privileges from a Google Cloud user to harness the victim’s cloud computing power to mine bitcoin and other crypto-currencies. Victims suffer no data loss, but risk skyrocketing cloud costs. In 10 percent of cases, the computing power was used to scan public Internet information at scale to find new targets.
Except for the surprising dominance of cryptomining, the report lays little news on the table. GCAT describes Fancy Bear, a Russian phishing group that targeted more than twelve thousand Gmail addresses in September of this year. Fancy Bear has been on the radar of Microsoft and Yahoo for years.
The researchers also cite an incident in which a hacking group distributed malware on behalf of the North Korean government through social engineering. Professionals at South Korean companies received messages with a supposed job offer, containing a PDF. The PDF was impossible to open. Hackers instructed the victims to navigate to a Google Drive. There, they would find an app to open the PDF. The app contained malware. This process is called spear-phishing. The method has been popular among cybercriminals for years. GCAT presents the process as new.
In the report, Google provides advice. The tech giant reminds users of GitHub that personal data can end up in published open-source projects. Regular auditing of projects would remedy the problem. Google also refers to the importance of two-step authentication and security measures such as Context-Aware Access.