Google cloud hacks mostly used for illegal cryptomining
New data from AtlasVPN shows that 86 percent of hacked Google Cloud accounts are used for illegal cryptomining.
Besides cryptojacking, compromised accounts are also used to port-scan other targets on the Internet, which occurs 10 percent of the time after a Google Cloud compromise.
Launching attacks against other targets on the internet occurs eight percent of the time, and hosting malware on the cloud is the goal of six percent of cybercriminals.
Cybersecurity writer at Atlas VPN Vilius Kardelis says, "The advantages of cloud-hosted resources include high availability and access at any time. While this simplifies workforce operations, hackers may exploit the cloud's pervasive nature for their benefit. Despite the increased interest in cybersecurity, spear-phishing and social engineering attacks are still very effective."
When it comes to the vulnerabilities that allow the hacks to take place, a weak or missing password on a user account, or no authentication for APIs, accounts for 48 percent of Google Cloud hacks.
Hackers exploited a vulnerability in third-party software in the cloud instance in 26 percent of cases. If the hacks exploited a zero-day vulnerability, the fault could be attributed to the software developers not releasing an update. However, if a patch was released, responsibility for the compromise falls to the user not updating the software in time.
Misconfiguration of cloud instances or of third-party software allowed 12 percent of hacks in Google Cloud. Various other issues caused 12 percent of compromises, while leaked credentials, such as keys published in GitHub projects, were exploited in four percent of attacks.
You can read more on the AtlasVPN blog.