Recently, Google stated in its first cloud threat intelligence report: "Analysis of systems used to perform unauthorized cryptocurrency mining shows that in 58% of cases, cryptocurrency mining software was downloaded to the system within 22 seconds of being compromised."
So far, cryptocurrency mining is the main malicious activity performed by attackers using misconfigured instances hosted on GCP, accounting for 86% of all actions performed after compromise. Another 26% of infected instances were compromised through vulnerabilities in third-party software used by users.
In many cases, attackers act very quickly after compromising an instance, installing cryptocurrency mining malware to use other people's CPU and GPU resources for their own benefit for free.
In addition, it should be noted that the time these attackers need to go from discovering an insecure cloud instance to compromising it is very short: the shortest was 30 minutes after the instance was deployed. In 40% of the cases, the compromise was completed in less than 8 hours.
Network security company Palo Alto Networks also found that of the 320 Internet-facing “honeypot” instances in the cloud designed to attract attackers, 80% were compromised within 24 hours.
Nearly half of the compromised instances were taken over by attackers who gained access through user accounts or API connections that had no password or a weak password, which means that these instances can easily be scanned for and brute-forced.
Although the target of the intrusion is not data theft, it is still a risk associated with cloud assets as attackers begin to perform various forms of cloud resource abuse.
The report stated: "This shows that the public IP address space is regularly scanned for vulnerable cloud instances. This is not a question of whether a vulnerable cloud instance is detected, but a question of when it is detected."
It is understood that the report summarizes last year's observations from Google Threat Analysis Group (TAG), Google Cloud Security and Trust Center, and Google Cloud Threat Intelligence Chronicle, Trust and Security Center.
Report link:
https://services.google.com/fh/files/misc/gcat_threathorizons_full_nov2021.pdf