Malicious actors had recently compromised 50 Google Cloud Platform instances, of which the majority were used for cryptocurrency mining.
In more than half (58%) of situations analysed, the cryptomining software was downloaded to the user’s system within 22 seconds of being compromised. As a result, Google Cloud researchers suggest these were – understandably – scripted events, not requiring human intervention. Prevention, therefore, is better than cure.
Additionally, 10% of compromised cloud instances were used to conduct scans of other publicly available resources on the Internet to identify vulnerable systems, while 8% were used to attack other targets. ‘While data theft did not appear to be the objective of these compromises, it remains a risk associated with the cloud asset compromises as bad actors start performing multiple forms of abuse,” wrote Google Cloud.
The report’s goal is to ‘provide actionable intelligence that enables organizations to ensure their cloud environments are best protected against ever-evolving threats.’ Read the full report here, or an executive summary here.