Hackers can use compromised cloud accounts to install crypto mining software

Hackers can use compromised cloud accounts to install crypto mining software
-A +A

KUALA LUMPUR (Nov 28): Cyber attackers are exploiting “poorly configured” accounts to mine cryptocurrency, according to Google’s Cybersecurity Action Team (GCAT).

In a report Wednesday (Nov 24), the security advisory Google team said out of 50 analysed incidents that compromised the Google Cloud Protocol, 86% were related to crypto mining.

It said the hackers used the compromised Cloud accounts to access resources from individuals’ CPUs or GPUs to mine tokens or take advantage of storage space when mining coins on the blockchain and smart transaction platform Chia Network. 

However, GCAT said many of the attacks were not limited to a single malicious action like crypto mining, but were also staging points to conduct other hacks and identify other vulnerable systems.

It said the actors usually gained access to Cloud accounts as a result of “poor customer security practices” or “vulnerable third-party software”.

GCAT said while data theft did not appear to be the objective of these compromises, it remains a risk associated with the Cloud asset compromises, as bad actors start performing multiple forms of abuse.

“The public Internet-facing Cloud instances were open to scanning and brute force attacks,” it said.