Compromised Google Cloud Platform instances are riddled with cryptominers

Google Cloud's Threat Intelligence report revealed some alarming findings about the security of businesses' cloud environments

Google Cloud has revealed that 86% of compromised Google Cloud Platform (GCP) instances in 2021 led to cryptocurrency miners being dropped into customers' environments.

Cryptocurrency miners being installed in cloud instances was the leading issue facing GCP customers this year with 58% of compromised instances having cryptominers installed within just 22 seconds of attackers gaining access.

Google Cloud's Cybersecurity Action Team (CAT) said this led it to believe the process was script-driven without requiring human intervention.

GCP customers were targeted heavily with attackers attempting to leverage the high levels of compute available to them, without having to foot the bill.

Google Cloud also revealed cloud instances have been compromised in as little as 30 minutes, with the majority taking just eight hours.

The CAT at Google's cloud arm noticed attackers are monitoring the public IP address space for signs of unsecured GCP instances, knowing how quickly they can compromise each one.

"Given that most instances were used for cryptocurrency mining rather than exfiltration of data, Google analysts concluded the Google Cloud IP address range was scanned rather than particular Google Cloud customers being targeted," the report read.

"The amount of time from the launch of a vulnerable Google Cloud instance until compromise varied with the shortest amount of time being under 30 minutes."

CAT researchers also noted that threat actors gained access to GCP instances through exploiting poor customer security practices or vulnerable third-party software in almost 75% of all cases.

Half of these cases were compromised because of attackers exploiting instances with weak or in some cases no passwords for user accounts or API connections.

This meant unsecured GCP instances could quite easily be scanned by attackers and brute-forced with minimal difficulty.

Google Cloud customers were also at fault in 26% of cases for installing third-party software in their instance which was then exploited to gain access.

Google Cloud's basic recommended mitigations to the flaws allowing attackers into GCP instances include ensuring accounts always have strong passwords, updating third-party software before a cloud instance is exposed to the web, and not publishing credentials in GitHub projects.

Container Analysis is also available to GCP customers to perform vulnerability scanning and metadata storage for containers, while the Web Security Scanner in the Security Command Center can identify security vulnerabilities in their App Engine, Google Kubernetes Engine, and Compute Engine web applications.
