Hackers used hacked accounts to discover new targets and to host malware and phishing scams.
According to a new analysis report, 86 percent of “malicious actors” utilized hacked Google Cloud accounts to mine cryptocurrencies.
According to Google’s Cybersecurity Action Team, 86 percent of the 50 hacked Google Cloud Platform (GCP) instances were used for crypto mining, which normally uses a lot of computational resources and storage space. Phishing scams and ransomware were among the remaining cyber activities.
Exploits are still widespread in the digital assets space, especially now that there is so much money coming in. In May, a hacking group exploited a flaw in Salt, a popular infrastructure tool used by companies like IBM, LinkedIn, and eBay, to install crypto-mining malware on a company server.
Moreover, in August, over $600 million was stolen in one of the biggest crypto heists to date, exploiting a vulnerability in the Poly Network, although some of the funds were returned. Meanwhile, Mt. Gox, the world’s largest bitcoin exchange at the time, filed for bankruptcy in March 2014 after hackers stole $460 million worth of cryptocurrencies.
Poor security practices
Most of these attacks on GCP instances were due to poor security practices by customers, including the use of weak or no passwords. “Malicious actors gained access to the Google Cloud instances by utilizing the advantage of poor customer security practices or vulnerable third-party software in nearly 75% of all cases,” the report mentioned.
In the cases of hackers using accounts to mine cryptocurrencies, mining software was installed within 22 seconds of the attack, making manual interventions ineffective in preventing such attacks. “The best defense would be to not deploy a vulnerable system or have automated response mechanisms,” the report recommended.
The team suggested numerous security measures to prevent similar attacks, including checking for weaknesses, employing two-factor authentication, and installing Google’s “Work Safer” tool for security.
“In light of these specific observations and general risks, companies that prioritize secure installation, monitoring, and continuous assurance will be more successful in minimizing or at the very least reducing the overall impact of these threats,” the authors stated.
The Motley Fool suggests that storing cryptocurrency outside the network, using a mechanism known as “cold storage,” is also very safe. Simply put, anything that is connected to the internet can theoretically be hacked. Crypto exchanges must maintain some coins on the network for trading, but the majority of them should be kept offline.