Cyber hackers use compromised cloud accounts to mine cryptocurrency, Google warned.
Details of the mining hack are contained in a report from Google's Cyber Security Action Team, which detects hack threats against its cloud service - a remote storage system where Google stores data and files ofclients. site - and gives advice on how to combat them.
Other threats identified by the the team in its first "Threat Horizon" report includes: Russian state hackers who try to get passwords from users by warning them that they are were targeted by government-backed attackers; North Korean hackers posing as Samsung recruiters; and the use of heavy encryption in ransomware attacks.
"Mining" is the name of the process by which blockchains such as those underlying the cryptocurrencies are regulated and verified, and require a significant computing power . Google reported that out of 50 recent hacks of its cloud computing service, more than 80% were used to perform cryptocurrency mining.
The report states that "86% of Google Cloud instances were used to perform cryptocurrency mining, a for-profit activity that consumes cloud resources," adding that in the majority of cases, cryptocurrency mining software has was downloaded within 22 seconds of creating the. romised account. Google said that in three-quarters of cloud hacks, attackers took advantage of poor client security or vulnerable third-party software.
Google's recommendations to its cloud customers for improving their security include two-factor authentication - an additional layer of security in addition to a username and password a generic password - and inion to the security program forthe company's work.
Elsewhere in the report, Google said the Russian government-backed hacking group APT28 , also known as Fancy Bear , has targeted 12,000 Gmail accounts in a massive phishing attempt, where users are tricked into handing over their ID details. The attackers attempted to trick account holders into providing their details via an email that read: "We believe that government-backed attackers may try to trick you into obtaining your account password. "Google said it blocked all phishing emails in the attack - which focused on the UK, US and India - and that inNone of the user details had been compromised.
Another hacking trick reported by Google in the report involved an Hacker group supported by North Korea being posing as recruiters at Samsung and sending bogus job offers to employees of South Korean information security companies. Victims were then directed to a malicious link to malware stored in Google Drive, which has now been blocked.
Google said it deals with ransomware attacks, where files and data on a user's computer is encrypted by the attacker until a payment is made for its release, was difficult because heavy encryption "makes the almost impossible file recovery without paying for the "decryption tool. The rapport signals the emergence of Black Matter, which he describes as a "formidable ransomware family.
However, earlier this month, Black Matter did announced its closing down due to "pressure from the authorities". Black Matter victims include Japanese tech group Olympus.
The Google report said, "Google has received information that the Black Matter ransomware group has announced that it would cease operations due to outside pressure. Until this is confirmed, Black Matter is still a risk. "