The Mountain View company has published the first issue of its Threat Horizons report, which describes the various types of attacks detected on Google Cloud instances. Some of them were carried out with the aim of using cloud resources to generate cryptocurrencies. Google has also indicated countermeasures that customers can implement to avoid similar security problems.

Google Cloud for cryptocurrency mining

According to the findings of Google's Threat Analysis Group (TAG), 86% of compromised cloud instances were used for cryptocurrency mining. This is one of the most resource-intensive activities, as it consumes the servers' hardware resources, in particular CPU and GPU (and also storage, in the case of Chia).

In 58% of cases, the software used to generate the digital coins was downloaded within 22 seconds. This means that the attacks were carried out by scripts. Google explains that preventing them through human intervention is next to impossible, but customers can check for vulnerabilities before making instances accessible from the Internet.

The Mountain View company also found that 10% of cloud instances were used to look for other vulnerable systems and 8% to carry out attacks against external targets. Other activities detected were installing malware (6%), copying prohibited content (4%), launching DDoS bots (2%) and sending spam (2%).

Access to Google Cloud instances was possible because customers paid too little attention to security. In 48% of cases, no password was set or the password was easy to guess. In 26% of cases, the instance hosted vulnerable third-party software. Google therefore suggests choosing strong passwords, keeping software updated and taking advantage of the various services available, including Container Analysis, Web Security Scanner and access control.