86% of hacks in Google Cloud were used for illegal crypto mining
December 2021 by Atlas VPN
Many successful attacks on cloud infrastructure are due to poor cybersecurity measures and a lack of implemented controls.
According to the data presented by the Atlas VPN team, 86% of hacked Google Cloud accounts are used for illegal crypto mining. In addition, most instances of compromise in Google Cloud are due to a weak or missing password on the user account.
Hackers conducted cryptocurrency mining 86% of the time after gaining access to a Google Cloud account. Cryptocurrency mining is a for-profit activity that consumes a large amount of GPU and CPU resources.
Port scanning of other targets on the internet occurred 10% of the time after a Google Cloud instance was compromised. Port scanning enables cybercriminals to identify weak spots in the network and exploit the vulnerabilities they find.
Hackers launched attacks against other targets on the internet 8% of the time following a Google Cloud account hack. Hosting malware on the cloud was the goal of 6% of cybercriminals.
Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on attacks against cloud services:
“The advantages of cloud-hosted resources include high availability and access at any time. While this simplifies workforce operations, hackers may exploit the cloud’s pervasive nature for their benefit. Despite the increased interest in cybersecurity, spear-phishing and social engineering attacks are still very effective.”
Most exploited vulnerabilities
When carrying out a cyberattack, cybercriminals always search for the simplest way to compromise their target.
A weak or missing password on a user account, or no authentication for APIs, caused 48% of the Google Cloud hacks. This indicates that users could have avoided having their accounts compromised if they had set a stronger password.
Hackers exploited a vulnerability in third-party software in the Cloud instance in 26% of cases. If the hacks exploited a zero-day vulnerability, the fault could be attributed to the software developers not releasing an update. However, if a patch was released, responsibility for the compromise falls to the user not updating the software in time.
Misconfiguration of the cloud instance or of third-party software allowed 12% of hacks in Google Cloud. A misconfiguration is any mistake, malfunction, or gap in your infrastructure that puts you at risk.
Other issues caused 12% of compromises in Google Cloud, while leaked credentials, such as keys published in GitHub projects, were exploited in 4% of attacks.