Google is warning that crypto miners are compromising Google Cloud accounts for mining operations.
Crypto mining is a profitable endeavor that relies on significant computing resources. According to Google, malicious actors have been compromising Google Cloud instances and using them for mining.
Malicious actors were observed performing cryptocurrency mining within compromised Cloud instances. Of 50 recently compromised GCP instances, 86% of the compromised Cloud instances were used to perform cryptocurrency mining, a Cloud resource-intensive, for-profit activity. Additionally, 10% of compromised Cloud instances were used to conduct scans of other publicly available resources on the Internet to identify vulnerable systems, and 8% of instances were used to attack other targets. While data theft did not appear to be the objective of these compromises, it remains a risk associated with the cloud asset compromises as bad actors start performing multiple forms of abuse.
Google recommends conducting regular audits to ensure credentials are not exposed, hashing downloaded code and using a multi-layered defense strategy.