Google Cloud to detect crypto-mining malware on virtual machines

Bad actors using malware to steal GPU power to mine crypto will have to up their game to deal with Google Cloud’s latest security protocol.

It’s a shot in the arm for Google Cloud users at risk of cryptocurrency mining attacks. The Google Cybersecurity Action Team (GCAT) has created a threat detection service to shield “poorly configured” accounts that attackers use to mine cryptocurrency. 

In a blog post, Google Cloud announced the Virtual Machine Threat Detection (VMTD) release in its Security Command Center (SCC) area. A means of scanning compute engines in Google Cloud, the VMTD successfully detects threats, including crypto-mining malware used inside virtual machines.

Crypto-mining malware attacks, sometimes called “cryptojacking,” are an ongoing nuisance in the industry. While browser-based cryptojacking activity spiked in the 2019 bear market, cloud-based crypto mining continues to beleaguer the space.

Cointelegraph reported in November last year that of 50 analyzed incidents relating to compromised Google Cloud Protocols, 86% were related to crypto mining. The Google “Threat Horizons” report highlighted hackers may seek to hijack GPU space to mine crypto as it is a “cloud resource-intensive for-profit activity.”

Upon receiving the data, the Google Cybersecurity Action Team sought to remedy the situation, building better protections for its virtual machine users.

The result is VMTD, a program that provides agentless memory scanning to help detect threats like crypto-mining malware. As well as delivering protections from coin mining, the VMTD also secures users from data exfiltration and ransomware.

Ransomware attacks flourished in 2021, reaching highs in April 2021. Some commentators suggest that the rise in ransomware attacks went hand in hand with crypto’s meteoric rise; regulators and industry players have made efforts to blunt the malpractice.

Related: Crypto miner in Texas shuts down 99% of operations as winter storm approaches

Regarding crypto-mining malware attacks, Google has made a concerted effort to stem the onslaught of malicious actors taking advantage of unknowing internet users’ CPU power and electricity in order to mine cryptocurrencies. In 2018, over 55% of businesses were reportedly affected worldwide, including Google’s Youtube.

The VMTD will steadily integrate with other parts of Google Cloud over the coming months, benefitting further Google Cloud users.

Leave a Reply

Your email address will not be published. Required fields are marked *