Google Cloud Ramps Up Security With Virtual Machine Threat Detection To Combat Crypto Mining Attacks
Google Cloud will be expanding its suite of security capabilities to include detection for cryptocurrency mining in virtual machines, zeroing in on a common but difficult threat to identify.
By Andrew Senior
February 7th, 2022
Attacks that exploit computer resources to mine cryptocurrencies have been on the rise. A report from Google Cloud released in November 2021 found that over 86% of compromised instances on the public cloud platform included crypto mining activities, something that is traditionally very hard to detect. Sunil Potti, Vice President and general manager for Google Cloud’s security business, recently commented on the issue, saying,
“…it’s very hard to detect that unless you really instrument your app.”
Virtual Machine Threat Detection will be introduced to customers of Google Cloud’s Security Command Center Premium offering, as a public preview. Potti commented that the technology behind Google’s Virtual Machine Threat Detection was originally developed to eliminate threats behind the scenes on Google’s own various properties.
An often underreported aspect of attacks involving cryptocurrency mining is that the mining is often only the first phase of a much larger attack. Roger Koehler, the Vice President of threat operations at Huntress, recently said that,
“They can go and sell that access on the black market. And somebody bigger and badder may buy that, and do something more detrimental.”
In its November report, Google Cloud stated that, unlike in many computer attacks, data theft was not the objective of compromises focused on crypto mining. However, “in some instances, multiple malicious actions were performed from within a single compromised instance”, making data theft “…a risk associated with the cloud asset compromises as bad actors start performing multiple forms of abuse.”
Google will continue to expand its Virtual Machine Threat Detection to encompass other capabilities during the next few months. Potti commented that,
“We want to make sure that your environment is protected from threats associated with someone actually hacking into an account and spinning up other services.”
Google has made several major expansions of its security capabilities as the company continues to invest heavily in cybersecurity, including Cloud IDS, which went into general availability in December. The cloud-native network security offering aims to provide simplified deployment and use, with the goal of being a completely invisible layer of protection running behind the scenes, while offering protection against malware and spyware, command and control attacks, and many other vulnerabilities, including illegal code execution and buffer overflow.
A survey of cloud engineering professionals highlighted that 36% of organizations suffered a serious cloud security data leak or a breach in the past year. Additionally, just over 64% said they expect the problem to persist and even worsen moving forward.