Bitcoin and other cryptocurrencies have come under fire in light of the fact that crypto mining is an expensive undertaking – in fact, tech influencers like Tesla billionaire Elon Musk have gone on record for criticizing Bitcoin based purely on environmental concerns.
Google has revealed that the miners of Bitcoin and other digital assets have been using compromised Google Cloud accounts to bolster their mining efforts in the cloud.
The recent breach of Google’s platform security was documented in a report by the American tech giant’s cybersecurity team. Titled “Threat Horizons”, the publication brought attention to the cyber developments as part of its commitment to serve cyber intelligence to organizations – the effort is seen as a step towards maintaining a healthy state of cybersecurity in the cloud.
According to the report, as many as 86 percent of 50 recently-hacked Google Cloud events were being leveraged by crypto miners to intensify their operations. The most obvious problem with this occurrence is the fact that the crypto miners are exploiting the accounts while avoiding the requisite cloud fees.
The Google report noted that while the crypto miners are able to amass cryptocurrency from the hacked Google Cloud Accounts, the account owners are left to pay for usage bills for services they never accessed.
Rogue Miners Exploit Weak Account Security
According to Google, third party access to the compromised Google Cloud accounts was traced back to the most common reasons why people get hacked in the first place. It turns out that the crypto miners took advantage of weak account security to access the cloud accounts for their benefit.
The tech firm intimated that 48 percent of the cases involving compromised accounts were associated with cloud accounts with weak or no passwords, including no authentication mechanisms for APIs.
Nonetheless, 26 percent of the incidents were blamed on a vulnerability in third-party software within the Cloud – 12 percent was linked to “other issues” The Google analysis also designated another 12 percent to the misconfiguration of Cloud instances or in third-party software while only 4 percent of the hacks was attributed to leaked credentials.
The tech giant asserts that a majority of the incidents were actually machine-led and thus did not feature any human control. The conclusion was made as a result of findings that showed that mining software had been downloaded to the instances within a shocking 22 seconds of being hacked.