Hackers are using compromised Google accounts for crypto mining

Google researchers have published a report that presents the main threats to cybersecurity. It describes the problems associated with the security of the Google cloud service and suggested solutions.

According to the report, the main purpose of hacking Google Cloud accounts is to use them for cryptocurrency mining. Experts note that it takes about 20 seconds on average to download the software necessary for mining.

Malicious actors have gained access to Google Cloud accounts mainly due to the poor customer security practices and vulnerable third-party software. Almost half of the compromised accounts had a weak password. To reduce the risks of being hacked, Google experts recommend setting up two-factor authentication and using the “Work safer” package of tools developed by the company.

About 80% of the compromised accounts were involved in the crypto mining. Approximately 10% of them were used to scan resources on the Internet in order to identify vulnerabilities, and another 8% were used to attack other targets.

The report mentions a North Korean hacker group whose members posed as Samsung recruiters and sent fake job offers containing a link to malware located on Google Drive to victims. Recently, Google experts identified and prevented a phishing attack taken by Russian group APT28.

According to Atlas VPN, hidden miners were at the top of the malware rating in the first half of 2021. Such programs turn electronic devices into machines for crypto mining, which reduces productivity, increases equipment wear, and also makes it easier for bad actors to access the victim’s personal data. As a result, attackers receive constant profits, and the anonymity of cryptocurrencies allows them to remain undetected. Also, criminals can use Bitcoin ATMs to commit fraudulent activities.

As cryptocurrencies are increasingly used by fraudsters to commit crimes, governments and regulators are developing the necessary measures to prevent such malefactions.