Google Reports How Cyber-Attackers Brute-Forced Cloud Accounts and Used Them for Crypto Mining

They say everything is in the cloud these days. Not just a buzzword, since recent statistics show a significant increase of data stored in the cloud along with the pandemic and the rise of hybrid work. According to Cloudwards, cloud data centers managed 94% of all workloads in 2021, and at least half of American organizations store confidential data on various cloud technologies.

As cloud storage goes upwards, it goes without saying that cloud security is fundamental.

That’s why Google’s latest warning regarding compromised Google Cloud accounts is a serious concern. Let’s see what happened behind this security breach that resulted in brute-forcing accounts and using them for crypto mining.

Threat Horizons Report Revealed Compromised Google Cloud Accounts

Google’s ‘Threat Horizons’ Report published recently shows that 86% of 50 compromised Google accounts were used for cryptocurrency mining. The rest of around 10% of the compromised accounts were used to identify vulnerable systems or to attack other targets in activities that included phishing scams and ransomware.

With cloud mining, crypto miners use a remote data center and share the processing power with other users who do the exact same thing. In other words, cloud mining is extremely efficient and simple as it doesn’t require managing or buying and maintaining hardware equipment. Users have to just register with an account, buy mining contracts for the cloud and remotely engage in the process of cryptocurrency mining.

The easiness of cloud mining is what probably drew cybercriminals to unleash their schemes. Still, they managed to get inside those Google Cloud accounts with either no password or a weak password. In a nutshell, cyber-attackers have easily scanned or brute-forced these accounts and downloaded mining software in just a few seconds.

Here’s what Google mentioned in one of their recent blog posts:

While cloud customers continue to face a variety of threats across applications and infrastructure, many successful attacks are due to poor hygiene and a lack of basic control implementation.”

Most Exploited Google Cloud Vulnerabilities

When employing a cyberattack, cybercriminals usually look for the easiest way to compromise their target. Whether it’s cloud mining or other digital activities, here are the most exploited vulnerabilities with Google Cloud:

      • weak passwords or no password at all for user accounts
      • lack of authentication for API (application programming interface)
      • vulnerability in third-party software in the Cloud instance
      • zero-day vulnerability due to lack of software update
      • misconfiguration of Cloud instance or in third-party software (e.g., mistakes, malfunctions, or gaps in infrastructure)
Twitter crypto mining Google Cloud

What is Crypto Mining?

Crypto mining is similar to mining precious metals like gold, silver or diamonds. Instead of metals, crypto miners dig deep to release new digital coins. To achieve this goal, crypto miners install machines that disentangle complex mathematical equations in the form of cryptographic hashes. A hash is like a digital signature of a set of data. Crypto mining requires using hashes to secure data transfers via a public network.

Miners are in a race against each other to solve the equation. Whoever does that first receives a fraction of a cryptocurrency transaction as a reward for their effort. Each successful transaction results in new coins into circulation locked into a distributed ledger called the blockchain.

Find out how to secure your cryptocurrencies transactions with a VPN.

In the early days of crypto mining, miners could simply use a CPU chip on a home computer. Over time, the increasing difficulty level of mathematical equations made it nearly impossible to mine cryptocurrencies on a home computer. That’s why today, specialized GPU (graphics processing unit) or an application-specific integrated circuit (ASIC) miner and cloud mining are most common.

Start Securing Your Cloud Data

Cybersecurity hygiene is essential these days, not just with safe cloud storage but also in general. Find below basic safety protection measures that go beyond securing your cloud data.

Create strong passwords

Using strong and unique passwords for each account is a small but necessary step that greatly impacts your security and privacy.

The longer and the more complex, the better; it’s a good and easy way not to become a soft target for cybercriminals.

Use a password manager

Sharing your credentials in emails, private messages, or video calls is a big no-no! Instead, keeping all your passwords in a secure, encrypted medium is the way to go. That’s the whole point behind password management tools. Create indestructible passwords and store as many as you like with CyberGhost password manager.

Enable the 2FA authentication method

The two-factor authentication (2FA) is another basic safety method to minimize the risk of account compromise. A second security layer to your credentials creates a safety net that makes you a harder target for cybercriminals. If they manage to guess or brute-force your password, they can’t get inside your account having the 2FA enabled.

Always sign out of your accounts

You may have adjusted to this habit already; it’ still an important reminder for those occasions when you’re in a hurry or multi-task and may forget this step.

Even if you rarely use an account or believe there’s no important data stored, logging out prevents unauthorized access just in case anyone gets their hands or peeps inside your device.

Allow only necessary permissions

Control who and what has access to your cloud storage files. Some apps can be intrusive and require access to data from your device, like your contacts list, which can be unnecessary.

Pay attention to app permissions and controls to make sure you allow only apps that need access to your cloud storage. Also, check your cloud service security features, as some of them provide real-time alerts to track your file access, including unauthorized access.

Implement Google’s Work Safer product

A security practice dedicated explicitly to Google services, Google’s Work Safer was launched along with the rise of hybrid work. This is a service that offers cloud-native and zero-trust solutions for secure access that covers threat and data protection, among other things.


What do you do to keep your crypto mining account or any cloud storage secure?

Let me know in the comments section below.

Leave a comment

Write a comment

Your email address will not be published. Required fields are marked*