Cyber attackers have intensified attacks on poorly configured cloud Instances to mine cryptocurrencies. Out of the 50 Google Cloud Platform (GCP) Instances that were compromised recently, 86% were used for cryptocurrency mining by unknown threat actors, according to a new Cloud Threat Intelligence report by the Google Cybersecurity Action Team, published November 2021.
An Instance is a term used for a virtual server, which runs the workload in a public or private cloud. Since the Instances are virtualised, they can share hardware resources and scale easily.
In 75% of the cases, the attackers gained access to the Google Cloud Instances by exploiting poor customer security practices or vulnerable third-party software, the report said.
Also, in 58% of the cases, the cryptocurrency malware was downloaded to the system within 22 seconds of it being compromised, the security team noted after analysing timeline information.
Targeting cloud systems for crypto mining has become highly lucrative for threat actors, given the recent surge in value for cryptos, especially Bitcoin, which soared to an all-time high of almost $68,000 early this month.
A 2020 report by Aqua Security, which found that 95% of attacks on cloud computing platforms were motivated by crypto mining, also confirms this. The report also shows that attacks on cloud platforms increased by 250% in 2020, as compared to the previous year.
Another cybersecurity firm, Trend Micro, saw similar trends. It found that attacks on Alibaba cloud servers for crypto mining have increased, and that the malware was created specifically for the Alibaba Elastic Compute Service (ECS) Instance that uses the latest Intel CPUs.
During their investigation, Trend Micro identified an APT group called TeamTNT that has been repeatedly targeting cloud Instances to plant crypto-mining malware that mines Monero private coins.
The malware used for the attacks on Alibaba cloud was also found to be similar to the one used to target Huawei Cloud early this year, the cybersecurity firm said.
Cryptocurrency mining is a resource-intensive task. Cloud computing platforms run on powerful CPUs and GPUs, and that puts a lot of computing power in the hands of attackers to mine cryptos.
Another reason for targeting cloud platforms is that they are designed to automatically scale resources as per the requirements of the customers.
The recent boom in cloud computing to support remote and hybrid work, together with a lacklustre attitude to security, has only expanded the attack surface and made the job easier for threat actors.