Cryptocurrency Miners Using Hacked Cloud Accounts, Google Warns | Cybercriminality

Cyberhackers use compromised cloud accounts to mine cryptocurrency, Google warned.

Details of the mining hack are contained in a report from Google’s Cyber ​​Security Action Team, which identifies hack threats against its cloud service – a set of remote computing services that may include data and file storage. offsite customers – and gives advice on how to cope with them.

Other threats identified by the team in its first “Threat Horizon” report include: Russian state hackers who attempt to obtain user passwords by warning them that they have been targeted by government-backed attackers; North Korean hackers posing as Samsung recruiters; and the use of heavy encryption in ransomware attacks.

“Mining” is the name of the process by which blockchains such as those underlying cryptocurrencies are regulated and verified, and require a significant amount of computing power. Google reported that out of 50 recent hacks of its cloud computing service, more than 80% were used to perform cryptocurrency mining.

Questions and answers

What is blockchain technology?

Spectacle

Blockchain is a digital ledger that provides a secure way to enter into and record transactions, agreements, and contracts. However, uniquely, rather than being kept in one place like the more traditional general ledger, the database is shared across a network of computers.

This network may include only a handful of users, or hundreds and thousands of people. The ledger becomes a long list of transactions that have taken place since the beginning of the network, growing over time.

A blockchain database is made up of blocks and transactions. Blocks contain batches of transactions that are “hashed” and encoded. Each block contains the hash of the block before it, which connects the two and forms the chain. This process validates every block, down to the original, and is an integral part of database security.

Blockchain technology has been around for several years – its best-known use to date is Bitcoin, the virtual currency. However, the uses of blockchain are not limited to financial transactions and enthusiasts are turning to other applications for the technology, especially for the types of transactions where there are often disputes or trust issues.

Catherine purvis

Thank you for your opinion.

The report states that “86% of compromised Google Cloud instances were used to perform cryptocurrency mining, a for-profit activity that consumes cloud resources,” adding that in the majority of cases, cryptocurrency mining software currency was downloaded within 22 seconds of counting. being compromised. Google said that in three-quarters of cloud hacks, attackers took advantage of poor client security or vulnerable third-party software.

Google’s recommendations to its cloud customers to improve their security include two-factor authentication – an additional layer of security in addition to a generic username and password – and enrollment in the program. safety for the work of the company.

Elsewhere in the report, Google said that Russian government-backed hacking group APT28, also known as Fancy Bear, targeted 12,000 Gmail accounts in a massive phishing attempt, where users were tricked into handing over their login information. Attackers attempted to trick account holders into providing their details via an email that read: “We believe government-backed attackers may try to trick you into obtaining your account password.” Google said it blocked all phishing emails in the attack – which focused on the UK, US and India – and that no user details were compromised .

Another hacking trick reported by Google in the report involved a North Korean-backed group of hackers posing as recruiters at Samsung and sending bogus job offers to employees of information security companies. South Korean. The victims were then directed to a malicious link to malware stored in Google Drive, which is now blocked.

Google said dealing with ransomware attacks, where files and data on a user’s computer are encrypted by the attacker until a payment is made for their release, was difficult because of heavy encryption. “Makes file recovery almost impossible without paying for the decryption tool.” The report signals the emergence of Black Matter, which it describes as a “formidable family of ransomware”.

However, earlier this month, Black Matter announced it was shutting down due to “pressure from the authorities.” Black Matter victims include Japanese tech group Olympus.

The Google report said: “Google has received information that the Black Matter ransomware group has announced that it will be shutting down operations due to outside pressure. Until this is confirmed, Black Matter still poses a risk.

This article was modified on November 26, 2021 to clarify the details of Google’s cloud service.

Leave a reply:

Your email address will not be published.