Logo

American Security Council Foundation

Back to main site

Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

Hackers Use Compromised Google Cloud Accounts for Cryptocurrency Mining

Friday, December 10, 2021

Categories: ASCF News Cyber Security

Comments: 0

Source: https://www.cpomagazine.com/cyber-security/hackers-use-compromised-google-cloud-accounts-for-cryptocurrency-mining/

Source: www.cpomagazine.com

Google warns that cybercriminals were compromising Google Cloud Platform (GCP) accounts to perform cryptocurrency mining.

The internet giant says threat actors sometimes downloaded cryptocurrency mining software within just 22 seconds after compromising the cloud accounts.

Cryptocurrency mining is a resource-intensive activity while mining rewards continue to decline amid rising computational costs. However, Google Cloud customers have access to upgradable computing power at a cost, making their unsecured cloud resources the target cybercriminals.

Google published the findings in its first Threat Horizons Report by the newly constituted Cybersecurity Action Team that attempts to bridge the company’s collective threat intelligence for more actionable insights.

Hackers exploit most compromised Google Cloud accounts for cryptocurrency mining
Google found that out of the 50 recently compromised Google Cloud instances, 86% were used for cryptocurrency mining purposes.

Hackers exploited another 10% of the compromised Google Cloud instances to scan the internet for vulnerable systems and 8% to attack other targets. The attackers exploited 6% of the accounts for hosting malware, 4% for hosting illegal content, 2% for launching DDoS bots, and 2% for sending spam.

The attackers utilized CPU/GPU resources on compromised Google Cloud instances for cryptocurrency mining or storage space for Chia mining.

Google attributed the hacking of Google Cloud accounts to poor security hygiene, including weak or no passwords and misconfigurations. According to the report, the attackers exploited poor security practices or vulnerable third-party software in (75%) of the incidents. In nearly half (48%) of the cases, the compromised Google Cloud instances had no password for the accounts or API connections. In more than a quarter (26%) of the instances, the attackers leveraged vulnerable third-party software installed by the owner. Similarly, 12% of the attacks exploited misconfigurations in cloud instances or third-party software, while 4% originated from leaked credentials.

The minimum time between deploying a vulnerable cloud instance and compromise was less than 30 minutes. In 40% of the cases, hackers compromised the instances in less than 8 hours after deployment.

Google suggested that the attackers routinely scanned IP addresses for vulnerable cloud instances. According to the researchers, the attackers scanned Google Cloud IP address range instead of specific user instances.

In 58% of the incidents, the hackers downloaded cryptocurrency mining software on the compromised instances within 22 seconds. Google posited that attackers automated the deployment of cryptocurrency mining software to proceed without human interaction.

Google noted that human response in such incidents was impossible and recommended implementing an automated response mechanism. Similarly, cloud customers should avoid deploying vulnerable instances as the first line of defense.

Google’s threat intelligence team also discovered cybercriminals using new tactics to abuse Google Cloud services for nefarious purposes. For example, they signed up for free trial projects by registering fake companies to gain startup credits and access Google’s Cloud computing resources.

Meanwhile, Russian nation-state threat actors APT28 or Fancy Bear also leveraged Google’s Gmail accounts to execute a large-scale phishing campaign of over 12,000 phishing messages. Similarly, North Korean hackers posed as Samsung employees targeting South Korean tech workers with fake job opportunities.

How to protect Google Cloud accounts
The researchers advised Google Cloud customers to enable various security mitigations to protect their instances from cryptocurrency mining and other cloud threat.

The team advised customers to audit their published projects to ensure that they do not expose security credentials. Additionally, they should validate downloaded code to avoid installing updates poisoned through man-in-the-middle (MITM) attacks.

Similarly, they should add a layer of security to make compromised credentials unusable by requiring multi-factor authentication.

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.