Google Cloud reported that malicious actors recently compromised 50 Google Cloud Platform (GCP) instances, the majority of which (86%) were used for cryptocurrency mining.
Interestingly, Google notes that an analysis of compromised cloud instances used for illicit mining revealed that in 58% of situations, cryptocurrency mining software was downloaded to the system within 22 seconds of compromise. .
"This suggests that the initial attacks and subsequent downloads were scheduled events that did not require human intervention. The ability to manually intervene in these situations to prevent exploitation is nearly impossible. The best defense would be to not deploy any vulnerable systems or have an automated response mechanisms,” shares Google Cloud.
Since most of the compromised instances were used for cryptocurrency mining rather than data exfiltration, Google analysts understood that the attackers analyzed a variety of Google Cloud IP addresses, rather than targeting specific customers.
GCP attacks
The details are part of the first issue of the Threat Horizons report put together after gathering information from Google's Threat Analysis Group (TAG), the Google Cloud Trust and Security Center, and several other internal Google teams.
The search engine giant says the goal of the report is to provide actionable insights to help organizations ensure their cloud environments remain protected from evolving threats.
In addition to encryption, the report also found that 10% of compromised cloud instances were used to scan other publicly available resources on the Internet to identify vulnerable systems, and 8% of instances were used to attack other targets.
Protect your computers with the best antivirus software and clean them with the best malware removal software