Hackers can use compromised Google Cloud accounts to install mining software in under 30 seconds: report

In a report aimed at assessing threats to Cloud users, Google’s Cybersecurity Action Team said that some attackers are exploiting “poorly configured” accounts to mine cryptocurrency.

On Wednesday, the Google team said out of 50 analyzed incidents that compromised the Google Cloud Protocol, 86% were related to crypto mining. The hackers used the compromised Cloud accounts to access resources from individuals’ CPUs or GPUs to mine tokens or take advantage of storage space when mining coins on the Chia Network.

However, Google’s team reported that many of the attacks were not limited to a single malicious action like crypto mining, but also as a staging point to conduct other hacks and identify other vulnerable systems. According to the cybersecurity team, the actors usually gained access to Cloud accounts as a result of “poor customer security practices” or “vulnerable third-party software.”

“While data theft did not appear to be the objective of these compromises, it remains a risk associated with the cloud asset compromises as bad actors start performing multiple forms of abuse,” said the Cybersecurity Action Team. “The public Internet-facing Cloud instances were open to scanning and brute force attacks.”

The speed of the attacks was also noteworthy. According to Google’s analysis, hackers were able to download crypto mining software to the compromised accounts within 22 seconds in the majority of the incidents analyzed. Google suggested that “the initial attacks and subsequent downloads were scripted events not requiring human intervention” and said it would be nearly impossible to manually intervene to stop such incidents once they started.

Related: Google bans 8 ‘deceptive’ crypto apps from Play Store

An attack on multiple users’ Cloud accounts to gain access to additional computing power is not a new approach to illicitly mining crypto. ‘Cryptojacking’, as it is known by many in the space, has had several high-profile incidents including a hack of Capital One in 2019 to allegedly use credit card users’ servers to mine crypto. However, browser-based cryptojacking as well as mining crypto after gaining access through deceptive app downloads is also still a problem for many users.