aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
    • Learning
  • Tools
  • About
Cryptocurrency
  • Engineering

Illicit Coin Mining, Ransomware, APTs Target Cloud Users In First Google Cybersecurity Action Team Threat Horizons Report

  • aster.cloud
  • November 30, 2021
  • 3 minute read

At Google we have an immense aperture into the global cybersecurity threat landscape and the means to mitigate risks that stem from those threats. With our recently launched Google Cybersecurity Action Team, we are bringing more of our security abilities and advisory services to our customers to increase their defenses.

A big part of this is to bridge our collective threat intelligence to yield specific insights, such as when malicious hackers exploit improperly-secured cloud instances to download cryptocurrency mining software to the system—sometimes within 22 seconds of being compromised. This is one of several observations that we have published in the first issue of the Threat Horizons report (read the executive summary or the full report.) The report highlights recent observations from the Google Threat Analysis Group (TAG), Google Cloud Security and Trust Center, Google Cloud Threat Intelligence for Chronicle, Trust and Safety, and other internal teams who collectively work to protect our customers and users.


Partner with aster.cloud
for your next big idea.
Let us know here.



From our partners:

CITI.IO :: Business. Institutions. Society. Global Political Economy.
CYBERPOGO.COM :: For the Arts, Sciences, and Technology.
DADAHACKS.COM :: Parenting For The Rest Of Us.
ZEDISTA.COM :: Entertainment. Sports. Culture. Escape.
TAKUMAKU.COM :: For The Hearth And Home.
ASTER.CLOUD :: From The Cloud And Beyond.
LIWAIWAI.COM :: Intelligence, Inside and Outside.
GLOBALCLOUDPLATFORMS.COM :: For The World's Computing Needs.
FIREGULAMAN.COM :: For The Fire In The Belly Of The Coder.
ASTERCASTER.COM :: Supra Astra. Beyond The Stars.
BARTDAY.COM :: Prosperity For Everyone.

The report’s goal is to provide actionable intelligence that enables organizations to ensure their cloud environments are best protected against ever-evolving threats. In this and future threat intelligence reports, the Google Cybersecurity Action Team will provide threat horizon scanning, trend tracking, and Early Warning announcements about emerging threats requiring immediate action.

While cloud customers continue to face a variety of threats across applications and infrastructure, many successful attacks are due to poor hygiene and a lack of basic control implementation. Most recently, our internal security teams have responded to cryptocurrency mining abuse, phishing campaigns, and ransomware. Given these specific observations and general threats, organizations that put emphasis on secure implementation, monitoring and ongoing assurance will be more successful in mitigating these threats or at the very least reduce their overall impact.

Read More  Using Google Cloud Service Account Impersonation In Your Terraform Code

The cloud threat landscape in 2021 was more complex than just rogue cryptocurrency miners, of course. Google researchers from TAG exposed a credential phishing attack by Russian government-supported APT28/Fancy Bear at the end of September that Google successfully blocked; a North Korean government-backed threat group which posed as Samsung recruiters to send malicious attachments to employees at several South Korean anti-malware cybersecurity companies; and detected customer installations infected with Black Matter ransomware (the successor to the DarkSide ransomware family.)

Across these four instances of malicious activity, we see the impact of poorly-secured customer installations. To stop them, we embrace a shared fate model with our customers, and provide trends and lessons learned from recent cybersecurity incidents and close calls. We suggest several concrete actions for customers that will help them manage the risks they face. Vulnerable GCP instances, spear-phishing attacks, patching software, and using public code repositories all come with risks. Following these recommendations can reduce the chance of unexpected financial losses and outcomes that may harm your business:

  • Audit published projects to ensure certs and credentials are not accidentally exposed. Certs and credentials are mistakenly included in projects published on GitHub and other repositories on a regular basis. Audits help avoid this mistake.
  • Authenticate downloaded code with hashing. The common practice for clients to download updates and code from cloud resources raises the concern that unauthorized code may be downloaded in the process. Meddler in the Middle (MITM) attacks may cause unauthorized source code to be pulled into production. Hashing and verifying all downloads preserves the integrity of the software supply chain and establishes an effective chain of custody.
  • Use multiple layers of defense to combat theft of credentials and authentication cookies. Cloud-hosted resources have the benefit of high availability and “anywhere, anytime” access. While this streamlines workforce operations, malicious actors try to take advantage of the ubiquitous nature of the cloud to compromise cloud resources. Despite the growing public attention to cybersecurity, spear-phishing and social engineering tactics are frequently successful, so defensive measures need to be robust and layered to protect cloud resources due to ubiquitous access. In addition to two-factor authentication, Cloud administrators should strengthen their environment through Context-Aware Access and solutions such as BeyondCorp Enterprise and Work Safer.
Read More  Cloud Migration: What You Need To Know (And Where To Find It)

The executive summary of the Threat Horizons report is available here, and the full report goes into greater detail of the current cloud threat landscape and the steps we recommend to reduce those risks, and can be downloaded here.

 

 

By: Bob Mechler (Director, Office of the CISO, Google Cloud) and Seth Rosenblatt (Security Editor, Google Cloud)
Source: Google Cloud Blog


For enquiries, product placements, sponsorships, and collaborations, connect with us at [email protected]. We'd love to hear from you!

Our humans need coffee too! Your support is highly appreciated, thank you!

aster.cloud

Related Topics
  • Cryptocurrency
  • Cybersecurity
  • Google Cloud
  • Ransomware
  • Security
  • Threat Horizons
You May Also Like
View Post
  • Engineering
  • Technology

Guide: Our top four AI Hypercomputer use cases, reference architectures and tutorials

  • March 9, 2025
View Post
  • Computing
  • Engineering

Why a decades old architecture decision is impeding the power of AI computing

  • February 19, 2025
View Post
  • Engineering
  • Software Engineering

This Month in Julia World

  • January 17, 2025
View Post
  • Engineering
  • Software Engineering

Google Summer of Code 2025 is here!

  • January 17, 2025
View Post
  • Data
  • Engineering

Hiding in Plain Site: Attackers Sneaking Malware into Images on Websites

  • January 16, 2025
View Post
  • Computing
  • Design
  • Engineering
  • Technology

Here’s why it’s important to build long-term cryptographic resilience

  • December 24, 2024
IBM and Ferrari Premium Partner
View Post
  • Data
  • Engineering

IBM Selected as Official Fan Engagement and Data Analytics Partner for Scuderia Ferrari HP

  • November 7, 2024
View Post
  • Engineering

Transforming the Developer Experience for Every Engineering Role

  • July 14, 2024

Stay Connected!
LATEST
  • college-of-cardinals-2025 1
    The Definitive Who’s Who of the 2025 Papal Conclave
    • May 7, 2025
  • conclave-poster-black-smoke 2
    The World Is Revalidating Itself
    • May 6, 2025
  • 3
    Conclave: How A New Pope Is Chosen
    • April 25, 2025
  • Getting things done makes her feel amazing 4
    Nurturing Minds in the Digital Revolution
    • April 25, 2025
  • 5
    AI is automating our jobs – but values need to change if we are to be liberated by it
    • April 17, 2025
  • 6
    Canonical Releases Ubuntu 25.04 Plucky Puffin
    • April 17, 2025
  • 7
    United States Army Enterprise Cloud Management Agency Expands its Oracle Defense Cloud Services
    • April 15, 2025
  • 8
    Tokyo Electron and IBM Renew Collaboration for Advanced Semiconductor Technology
    • April 2, 2025
  • 9
    IBM Accelerates Momentum in the as a Service Space with Growing Portfolio of Tools Simplifying Infrastructure Management
    • March 27, 2025
  • 10
    Tariffs, Trump, and Other Things That Start With T – They’re Not The Problem, It’s How We Use Them
    • March 25, 2025
about
Hello World!

We are aster.cloud. We’re created by programmers for programmers.

Our site aims to provide guides, programming tips, reviews, and interesting materials for tech people and those who want to learn in general.

We would like to hear from you.

If you have any feedback, enquiries, or sponsorship request, kindly reach out to us at:

[email protected]
Most Popular
  • 1
    IBM contributes key open-source projects to Linux Foundation to advance AI community participation
    • March 22, 2025
  • 2
    Co-op mode: New partners driving the future of gaming with AI
    • March 22, 2025
  • 3
    Mitsubishi Motors Canada Launches AI-Powered “Intelligent Companion” to Transform the 2025 Outlander Buying Experience
    • March 10, 2025
  • PiPiPi 4
    The Unexpected Pi-Fect Deals This March 14
    • March 13, 2025
  • Nintendo Switch Deals on Amazon 5
    10 Physical Nintendo Switch Game Deals on MAR10 Day!
    • March 9, 2025
  • /
  • Technology
  • Tools
  • About
  • Contact Us

Input your search keywords and press Enter.