Google published its first Threat Horizons report this month detailing hacking threats to its cloud service.
The Google cloud service is a collection of remote computing services which can include storage of customers' data and files off-site.
The report from Google's Cybersecurity Action Team found that hackers were performing cryptocurrency mining, a resource-intensive, for-profit activity, within hacked Google Cloud accounts.
Bitcoin mining is the process of adding more bitcoins to the digital currency ecosystem. Additional bitcoins are added through a computational process called mining. This is done by having computer hardware solve computationally hard mathematical puzzles.
To ensure that no more coins are generated every day than originally intended, the mining process is linked to a difficulty rating which goes up and down depending on the number of miners competing for network blocks.
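To make the mining mechanism described above concrete, here is an added toy example (not code from the report or from Google) of the puzzle a miner solves: find a nonce such that the double-SHA-256 hash of a block header falls below a target, where the target is set by a difficulty value. The block header bytes are constructed for the example, and the retargeting rule at the end is a deliberately simplified assumption, not Bitcoin's actual retarget formula. The point for a defender is the cost column: every extra bit of difficulty doubles the expected number of hashes, which is exactly why stolen cloud CPU time is attractive to miners.

```python
import hashlib
import time


def pow_hash(header: bytes, nonce: int) -> bytes:
    """Double SHA-256 of header || nonce, the hash used in Bitcoin's proof of work."""
    data = header + nonce.to_bytes(4, "little")
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def target_from_bits(difficulty_bits: int) -> int:
    """A hash is valid when, read as a 256-bit integer, it is below this target.
    Requiring `difficulty_bits` leading zero bits means target = 2^(256 - bits)."""
    return 1 << (256 - difficulty_bits)


def expected_attempts(difficulty_bits: int) -> int:
    """Average number of hashes needed: each attempt succeeds with probability 2^-bits."""
    return 2 ** difficulty_bits


def mine(header: bytes, difficulty_bits: int, max_nonce: int = 2 ** 32):
    """Brute-force nonces until a hash below the target is found. Returns (nonce, hash)."""
    target = target_from_bits(difficulty_bits)
    for nonce in range(max_nonce):
        h = pow_hash(header, nonce)
        if int.from_bytes(h, "big") < target:
            return nonce, h
    raise RuntimeError("no valid nonce within the nonce range")


def verify(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Verification is one hash; this asymmetry is what makes proof of work usable."""
    return int.from_bytes(pow_hash(header, nonce), "big") < target_from_bits(difficulty_bits)


def adjust_difficulty(old_bits: int, actual_seconds: float, expected_seconds: float) -> int:
    """Simplified retarget rule (an assumption for this example, not Bitcoin's real one):
    blocks arriving much faster than intended raise the difficulty by one bit,
    much slower lower it by one bit, otherwise it is unchanged."""
    if actual_seconds < expected_seconds / 2:
        return old_bits + 1
    if actual_seconds > expected_seconds * 2:
        return max(1, old_bits - 1)
    return old_bits


if __name__ == "__main__":
    # Constructed sample header for the demonstration.
    header = b"example-block-header: prev=00..00 merkle=ab..cd"
    for bits in (8, 12, 16):
        start = time.perf_counter()
        nonce, digest = mine(header, bits)
        elapsed = time.perf_counter() - start
        print(f"bits={bits:2d} expected={expected_attempts(bits):6d} "
              f"nonce={nonce:6d} time={elapsed:.3f}s hash={digest.hex()[:16]}...")
        assert verify(header, nonce, bits)
    # If the last blocks came in far too quickly, the network raises the difficulty.
    print("retarget:", adjust_difficulty(16, actual_seconds=100, expected_seconds=600))
```

Running the script shows the work roughly doubling with every added bit while verification stays a single hash; the "miners competing for network blocks" in the paragraph above are racing through this loop, and the difficulty rating is what keeps their combined hash rate from minting coins faster than intended.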
Out of 50 recently compromised Google Cloud Platform (GCP) instances, 86% were used to perform cryptocurrency mining, according to the report.
Additionally, 10% of compromised Cloud instances were used to conduct scans of other publicly available resources on the Internet to identify vulnerable systems, and 8% of instances were used to attack other targets.
Google recently launched its Cybersecurity Action Team, which uses the company's security capabilities and advisory services to strengthen customers' defences.
'Malicious hackers exploit improperly-secured cloud instances to download cryptocurrency mining software to the system—sometimes within 22 seconds of being compromised,' said the report.
In three-quarters of the cloud hacks, hackers had taken advantage of poor customer security or vulnerable third-party software, according to Google.
Other threats identified by the team include Russian hackers attempting to obtain users' passwords using a Gmail phishing campaign, North Korean hackers posing as Samsung job recruiters, and a new ransomware called Black Matter used to extort money from victims.
In the majority of cases the cryptocurrency mining software was downloaded within 22 seconds of the account being compromised.
Citing these cyber threats, Google recommended that its cloud customers improve their security by adopting two-factor authentication (an extra layer of security on top of a generic user name and password) and signing up to the company's Work Safer security programme.
The report detailed the Russian government-backed hacking group APT28, also known as Fancy Bear, which targeted 12,000 Gmail accounts in a phishing attempt.
The attackers used patterns similar to government-backed attack alerts to lure users into changing their credentials on the attacker's phishing page. However, Google blocked these messages, primarily aimed at the UK, the US and India, and no users' details were compromised.
The report also highlighted a scam involving a North Korea-backed hacker group posing as recruiters at Samsung, sending fake job opportunities to employees at South Korean information security companies. Victims were directed towards a link to malware stored in a Google Drive, which has since been blocked.
Ransomware was another significant threat detected by Google, in which the attacker holds the victim's files and data hostage using encryption until a payment is made.
Google warned users of a relatively new ransomware called Black Matter, which could be an immediate offspring of DarkSide, which has been used to target multiple large, high-revenue organizations by holding their sensitive data hostage.
Black Matter is capable of encrypting files on a victim's hard drive and network in a short period, and its victims include the Japanese technology group Olympus.
Google said dealing with ransomware attacks was difficult because the heavy encryption 'makes recovery of files nearly impossible without paying for the decryption tool'.
The report said that Google had received reports that the Black Matter ransomware group would be shutting down operations due to outside pressure, but this is yet to be confirmed.
'Given these specific observations and general threats, organizations that put emphasis on secure implementation, monitoring and ongoing assurance will be more successful in mitigating these threats or at the very least reduce their overall impact,' said Google.
While data theft did not occur in these instances, the tech giant still deemed it a risk for cloud hacking 'as bad actors start performing multiple forms of abuse'.
Google aims to publish threat intelligence reports like this in the future that provide threat horizon scanning, trend tracking, and Early Warning announcements about emerging threats requiring immediate action.