Compromised Google Cloud Platform instances are riddled with cryptominers

Google Cloud's Threat Intelligence report revealed some alarming findings about the security of businesses' cloud environments

Google Cloud has revealed that 86% of compromised Google Cloud Platform (GCP) instances in 2021 led to cryptocurrency miners being dropped into customers' environments.

Cryptocurrency miners being installed in cloud instances was the leading issue facing GCP customers this year, with 58% of compromised instances having cryptominers installed within just 22 seconds of attackers gaining access.

Google Cloud's Cybersecurity Action Team (CAT) said this led it to believe the process was script-driven without requiring human intervention.

GCP customers were targeted heavily, with attackers attempting to leverage the high levels of compute available to them without having to foot the bill.

Google Cloud also revealed cloud instances have been compromised in as little as 30 minutes, with the majority taking just eight hours.

The CAT at Google's cloud arm noticed attackers are monitoring the public IP address space for signs of unsecured GCP instances, knowing how quickly they can compromise each one.

"Given that most instances were used for cryptocurrency mining rather than exfiltration of data, Google analysts concluded the Google Cloud IP address range was scanned rather than particular Google Cloud customers being targeted," the report read.

"The amount of time from the launch of a vulnerable Google Cloud instance until compromise varied with the shortest amount of time being under 30 minutes."

CAT researchers also noted that threat actors gained access to GCP instances through exploiting poor customer security practices or vulnerable third-party software in almost 75% of all cases.

Half of these cases were compromised because attackers exploited instances with weak or, in some cases, no passwords for user accounts or API connections.

This meant unsecured GCP instances could quite easily be scanned by attackers and brute-forced with minimal difficulty.

Google Cloud customers were also at fault in 26% of cases for installing third-party software in their instances, which was then exploited to gain access.

Google Cloud's basic recommended mitigations to the flaws allowing attackers into GCP instances include ensuring accounts always have strong passwords, updating third-party software before a cloud instance is exposed to the web, and not publishing credentials in GitHub projects.

Container Analysis is also available to GCP customers to perform vulnerability scanning and metadata storage for containers, while the Web Security Scanner in the Security Command Center can identify security vulnerabilities in their App Engine, Google Kubernetes Engine, and Compute Engine web applications.
