Posted on November 26, 2021 at 6:03 PM

Google Says Crypto Mining Hackers Are Targeting Google Cloud Accounts

Google recently issued a warning regarding cyber hackers using compromised cloud accounts to mine cryptocurrencies. The tech giant highlighted details of the hack in its first threat horizon report, which states that the most attacked Cloud accounts involve crypto theft.

The team also identified other threats, including Russian state threat actors looking to gain access to users’ passwords, according to the Google security team, these threat actors are issuing warnings to the targeted users that they are being exploited by state-sponsored actors. In another identified threat, the Google team said North Korean hackers are impersonating Samsung job recruiters to deceive their victims to release sensitive personal details. 

But the Google security team noted that the threat coming from the cybercriminals in the crypto industry is a huge one.

Hackers Take Advantage Of The Booming Crypto Industry 

The booming crypto market has attracted both genuine investors and criminals looking to use dubious means to mine crypto assets.

As mining requires a significant amount of computing power, many people don’t have the resources to maintain a system that can system. As a result, some threat actors have devised means of hacking Google cloud accounts to enable them to mine cryptocurrencies.

Google reported that of the 50 recent hacking incidences discovered on its cloud computing service, over 80% of them are used for crypto mining.

According to the Google report, 86% of the affected Google Cloud instances were used to carry out crypto mining. The report also noted that in almost all cases, the crypto mining software was successfully downloaded within 22 seconds after the accounts were compromised. Google also reported that the threat actors took advantage of vulnerable third-party software in three-quarters of the cloud hacks. Some of the affected accounts were not adequately secured by the customers, which gave the hackers easy access to their network.

As a result, Google has recommended that its cloud customers improve their security structure by protecting their accounts using two-factor authentication. With the extra layer of protection, it will be more difficult for the hackers to bypass all the security checks before gaining access.

The tech giant has also advised cloud customers to sign up for its work safer security program to have a deeper understanding of standard security protocols.

Notorious group Fancy Bear still is still active

Google also noted that the notorious threat actor group APT28 or Fancy Bear attempted a massive phishing attack on 12,000 Gmail accounts. The report claimed that the threat actors deceive the targeted victims into giving details of their accounts. 

The attack targeted US, UK, and Indian users, although the Google team says no user detail was compromised in the attack.

 “We believe that government-backed attackers may be trying to trick you to get your account password,” Google stated, adding that all the phishing emails used in the attack have been suspended. 

As stated earlier, Google also discovered another hacking attempt involving a North Korean threat actor that posed recruiters at electronic giant Samsung. 

The report revealed that the hacking group was sending fake job opportunities to workers at South Korean Information Security firms. They are sent an email that contains a malicious link, asking the victims to access the information by clicking on the link. Once the victim obliges, they are directed towards malware stored in Google Drive. 

Google warns against formidable ransomware family “Black Matter”

Google also stated that it’s very difficult to deal with ransomware attacks, especially when the threat actors have succeeded and looking to collect ransom from the victim. In cases where the files or data on the user’s computer are encrypted by the threat actor until the ransom is paid, it will be difficult to decrypt the data without paying for the decryption tool.

This means even after paying the ransom and getting the data back, there is no guarantee that the information will remain intact the way it was before the theft.

Google also alerted the public about the emergence of another formidable ransomware family known as Black Matter.

Victims of ransomware attacks include the Japanese technology group Olympus. However, the group responsible for the ransomware indicated interest to shut down completely, citing extreme pressure from authorities as its reason. But Google has warned to still take the risk the malware poses seriously until it’s fully confirmed.