As the world increasingly shifts to cloud environments, the threat of cyberattacks grows with it. While cloud customers keep fighting various threats, Google has found recent incidents of cryptocurrency mining, ransomware, and phishing campaigns.
What’s going on?
Google’s Threat Horizons report claims that hackers were compromising cloud accounts used for storing files and data. Hackers use these accounts not only as mining resources but also leverage the storage space to perform malicious activities.
Of 50 recently compromised Google Cloud Platform (GCP) instances, 86% were used to conduct cryptomining.
Ten percent of the instances were used to scan other publicly available resources to detect vulnerable systems.
Eight percent of the compromised instances were leveraged to attack other targets.
While the aim of the attackers did not seem to be data theft, cloud asset compromises still pose many risks.
Some news about crypto threats
Following China’s ban on cryptocurrency transactions, the world’s 14 largest cryptomining companies shifted their bases to the U.S., Kazakhstan, Canada, and Russia.
Cloud misconfiguration issues have reached new heights, as research by Palo Alto suggests that attackers can now compromise honeypots within 30 seconds.
The new Babadeda crypter is targeting cryptocurrency, DeFi, and NFT communities via Discord.
What about the cloud?
TAG researchers found a group of attackers exploiting cloud resources to generate traffic to YouTube, with the purpose of manipulating views. They adopted new TTPs such as leveraging free trial projects, joining Google Developer Community for free projects, and exploiting startup credits with phony companies. The perpetrators also gained free credits by making small credit card payments and later declining them.
Why this matters
Google believes that threat actors who gain access to legitimate cloud instances will use them for financial gain. This would enable them to abuse unsuspecting users.
The bottom line
Attackers will exploit any situation for their financial and political gain. Cryptomining has become a lucrative job for cybercriminals; the threat is especially strong against poorly configured cloud instances. Organizations can secure their cloud platforms by operationalizing threat intelligence for proper cloud configuration and proactive defense against whatever threats may come.