Hacked cloud accounts are being used to mine crypto, says Google
November 27, 2021, 1:30PM EST
1 min read
A report released this week by Google indicates that a majority of recently attacked accounts on its Google Cloud Platform service were used to mine cryptocurrency.
The Threat Horizons report for November stated that "[m]alicious actors were observed performing cryptocurrency mining within compromised Cloud instances."
"Of 50 recently compromised GCP instances, 86% of the compromised Google Cloud instances were used to perform cryptocurrency mining, a cloud resource-intensive for-profit activity, which typically consumed CPU/GPU resources, or in cases of Chia mining, storage space," the report went on to say.
As for the modes of attack, Google contended that the majority of cases involved "poor" practices on the part of Cloud users or third-party applications that introduced vulnerabilities.
"As shown in Table 2, 48% of compromised instances were attributed to actors gaining access to the Internet-facing Cloud instance, which had either no password or a weak password for user accounts or API connections," Google said. "As a result, these Google Cloud instances could be easily scanned and brute forced. 26% of compromised instances were attributed to vulnerabilities in third-party software, which was installed by the owner."
The report doesn't indicate over what timeline those Google Cloud instances were attacked; however, the report does provide a window into the extent that digital workspaces continue to be a target for would-be malicious miners.
As cryptocurrencies become increasingly mainstream, regulators, the media and policymakers are paying more attention to the financial crime risks associated with them. But what are the biggest compliance challenges crypto firms face, and what does a best practice AML program look like?
Ethereum had a breakout year in 2021. It’s native asset, ETH’s, market capitalization surpassed $500 billion for the first time. Its network facilitated upwards of $7 trillion value transfer. Non-fungible tokens (NFTs) emerged as another “killer application” that have put its technology on the global stage and caught the attention of the masses.
TRON DAO has announced the launch of a $10 million incentive fund in light of recent events to support Terra developers migrating to the TRON ecosystem, including TRON’s EVM compatible cross-chain solution BitTorrent Chain (BTTC), which helps facilitate the seamless transfer of assets across mainstream public chains, including TRON, Ethereum, and BNB Chain.