Google's Threat Intelligence report has just revealed alarming findings about the security of Google Cloud Platform (GCP) servers used by businesses. In particular, in 86% of cases the attacks led to the installation of cryptocurrency mining software on the compromised servers. Here is what the report says.
Poor customer security practices pointed out
Google Cloud’s Cyber Security Action Team (CAT) said the hackers used a script-driven process that required no human intervention to run. GCP customers have been heavily targeted by hackers trying to take advantage of the large amounts of compute available to them. Google Cloud also revealed that GCP servers were compromised in just 30 minutes. The CAT noticed that hackers scan the public IP address space for insecure GCP servers, knowing how quickly they can compromise any one of them.
“Since most of the servers were used for cryptocurrency mining rather than data exfiltration, Google analysts concluded that the Google Cloud IP range was scanned rather than particular Google Cloud customers being targeted. The time between launching a vulnerable Google Cloud instance and its compromise varied, with the shortest time being less than 30 minutes,” the report specifies.
CAT researchers also noted that threat actors gained access to GCP servers by exploiting poor customer security practices. The third-party software customers were running was vulnerable in almost 75% of cases. Half of the attacks occurred because hackers exploited servers with weak or, in some cases, non-existent passwords for user accounts or API logins. In other words, hackers could easily find insecure GCP servers by scanning and brute-force their way in with minimal difficulty.
Google Cloud recommendations
The primary measure Google Cloud recommends against the weaknesses that let hackers access GCP servers is to ensure accounts always have strong passwords. Added to this are updating third-party software before a GCP server is exposed to the web and protecting credentials in GitHub projects. The CAT also reminded GCP customers that they can use Container Analysis to perform vulnerability analysis and metadata storage for servers. They can also use the Web Security Scanner in Security Command Center to identify security holes in their web applications hosted on GCP.
Google Cloud’s CAT has not yet provided any statistics on the amount of cryptocurrency that may have been mined through these attacks. The attacks remain impressive, although they are not the worst crypto-related hacks of 2021.
Source: The Fintech Time
Behind the generic signature “TCT editorial staff” are young journalists and authors with specific profiles who wish to remain anonymous because they are involved in the ecosystem with certain obligations.