GOOGLE has issued an urgent warning over Cloud accounts as Cryptocurrency miners target users and hack within 22 seconds, reports say.
Details of the hack were highlighted in Google’s first threat horizon report issued by the company’s cybersecurity action team.
3
3
Google‘s cloud service is a remote storage system where the tech giant stores customers’ data and files off-site and advises on how to tackle them.
“The report’s goal is to provide actionable intelligence that enables organizations to ensure their cloud environments are best protected against ever-evolving threats,” Google said in its report.
“In this and future threat intelligence reports, the Google Cybersecurity Action Team will provide threat horizon scanning, trend tracking, and Early Warning announcements about emerging threats requiring immediate action.”
The report said that “86% of the compromised Google Cloud instances were used to perform cryptocurrency mining, a cloud resource-intensive for-profit activity”, adding that in the majority of cases, the cryptocurrency mining software was downloaded within 22 seconds of the account being compromised.
Google said that in three-quarters of the cloud hacks, the attackers had taken advantage of poor customer security or vulnerable third-party software.
Google’s recommendations to its cloud customers to improve their security include two-factor authentication.
The two-factor authentication is an extra layer of security on top of a generic user name and password.
Google also recommends users sign up for the company’s work safer security program.
RUSSIAN AND NORTH KOREAN HACK ATTEMPTS
Other threats identified in the report include Russian state hackers attempting to gain users’ passwords by warning they have been targeted by government-backed attackers, North Korean hackers posing as Samsung job recruiters and the use of heavy encryption in ransomware attacks.
According to Google, the Russian government-backed hacking group APT28, also known as Fancy Bear, targeted 12,000 Gmail accounts in a mass attempt at phishing, where users are tricked into handing over their login details.
The attackers attempted to lure account holders into handing over their details via an email that said: “We believe that government-backed attackers may be trying to trick you to get your account password.”
Google said it had blocked all the phishing emails in the attack – which focused on the UK, US and India – and no users’ details had been compromised.
Meanwhile, the company said a North Korea-backed hack group posed as Samsung recruiters and sent fake job opportunities to employees at South Korean information security companies.
Victims were then steered towards a malicious link to malware stored in Google Drive, which has now been blocked.
3
We pay for your stories!
Do you have a story for The US Sun team?
