Cryptocurrency Miners Using Hacked Cloud Accounts, Google Warns | cybercrime





Cyber ​​hackers are using compromised cloud accounts to mine cryptocurrency, Google has warned.

Details of the mining hack can be found in a report from Google’s cybersecurity action team, which detects hacking threats against its cloud service – an external storage system where Google stores customers’ data and files off site – and offers advice on how to tackle them. .

Other threats the team identified in its first threat horizon report include: Russian state hackers attempting to extract users’ passwords by warning that they are being targeted by government-backed attackers; North Korean hackers posing as Samsung recruiters; and the use of heavy encryption in ransomware attacks.

“Mining” is the name given to the process by which blockchains, such as those underlying cryptocurrencies, are regulated and verified, and which requires a significant amount of computing power. Google reported that of 50 recent hacks of its cloud computing service, more than 80% were used to conduct cryptocurrency mining.

Question and answer

What is blockchain technology?

Show

Blockchain is a digital ledger that provides a secure way to make and record transactions, agreements and contracts. What is unique, however, is that the database is not kept in one place like the more traditional general ledger, but is shared over a network of computers.

This network may include only a handful of users, or hundreds and thousands of people. The ledger becomes a long list of transactions that have taken place since the inception of the network and grows larger over time.

A blockchain database consists of blocks and transactions. Blocks contain batches of transactions that have been “hashed” and encrypted. Each block contains the hash of the block before it, which connects the two and forms the chain. This process validates each block, all the way back to the original, and is an integral part of database security.

Blockchain technology has been around for a number of years – its most well-known use to date is Bitcoin, the virtual currency. However, the use of blockchain is not limited to financial transactions, and enthusiasts are exploring other uses for the technology, especially for the types of transactions where there are often disputes or trust issues.

Katherine Purvis

Thanks for your feedback.

The report said that “86% of the compromised Google Cloud instances were used to conduct cryptocurrency mining, a cloud resource-intensive for-profit activity,” adding that in most cases, the cryptocurrency mining software within 22 seconds of the account was downloaded to be compromised. Google said that in three-quarters of the cloud hacks, the attackers had taken advantage of poor customer security or vulnerable third-party software.

Google’s recommendations to its cloud customers to improve their security include two-factor authentication — an extra layer of security on top of a generic username and password — and signing up for the company’s work more secure security program.

Elsewhere in the report, Google said the Russian government-backed hacking group APT28, also known as Fancy Bear, targeted 12,000 Gmail accounts in a massive phishing attempt, tricking users into handing over their login credentials. The attackers tried to trick account holders into handing over their details via an email that read, “We believe that government-backed attackers may be trying to trick you into getting your account password.” Google said it had blocked all phishing emails in the attack — which targeted the UK, US and India — and no user data had been hacked.

Another hacking ploy noted by Google in the report involved a North Korean-backed hacker group posing as recruiters at Samsung and sending fake job postings to employees of South Korean information security companies. Victims were then sent to a malicious link to malware stored in Google Drive, which has now been blocked.

Google said dealing with ransomware attacks, in which files and data on a user’s computer are encrypted by the attacker until payment is made for their release, was difficult because heavy encryption “makes recovery of files nearly impossible without paying.” for the decryption tool”. The report marks the rise of Black Matter, which it describes as a “formidable ransomware family”.

However, at the beginning of the month, Black Matter said it was being discontinued due to “pressure from the authorities”. Black Matter victims include Japanese technology group Olympus.

The Google report said: “Google has received reports that the Black Matter ransomware group has announced it will shut down its operations under pressure from outside. Until this is confirmed, Black Matter still poses a risk.”




Leave a Comment

x