Recently, Google Cloud announced a new solution called Virtual Machine Threat Detection (VMTD) in a bid to protect its customers' virtual machines from cryptojacking attacks. The solution will also help identify poorly configured accounts that have been compromised and are being used to mine cryptocurrency.
At present, Virtual Machine Threat Detection is available as a public preview in the Security Command Center (SCC). The SCC gives customers an overview of their Google Cloud environments, providing insight into their cloud assets and helping them identify vulnerabilities and misconfigurations in those assets so that potential attacks can be detected. It also helps customers maintain compliance with industry standards and benchmarks.
Cryptojacking is an unlawful practice in which hackers exploit a computer's processing power to mine cryptocurrencies such as Bitcoin and Ethereum. The proceeds are then transmitted to the hacker who controls the software. Systems infected with cryptojacking malware run substantially slower, and victims are frequently unaware that their computers are being abused, because such software is difficult to detect. Once a system is infected, the malicious software works silently in the background at the cost of degraded performance. Typically, no personal information is exfiltrated while the malware is running, which helps it evade detection for an extended period during which the cybercriminal can make a substantial profit. Cybercriminals also carry out cryptojacking in the cloud: rather than infecting a local device, they steal an organization's credentials, gain access to its cloud environment, and run their mining malware there.
Cryptojacking software does not need the victim to establish a command-and-control link with the attacker, and the victim is merely losing processor cycles that would often have been idle anyway; both factors have contributed to cryptojacking's meteoric rise in popularity among hackers. In the early days, cryptojacking campaigns used Coinhive's crypto-mining software to infect mobile devices and PCs via browsers. Soon after, attackers moved to cloud data centers, where servers are significantly more numerous and powerful than mobile devices and PCs, providing a new target for cryptojacking software.
According to the announcement, the new security service scans Google Cloud virtual machine instances for crypto-mining threats without requiring customers to install new software. To maintain the confidence of cloud customers wary of providers monitoring their data, Google also stated that the new feature would be opt-in and that memory would be encrypted as it moves between the CPU and RAM.
Google Cloud's VMTD detects a wide range of security risks by scanning virtual machine instances in Google Compute Engine, including cryptojacking: crypto-mining malware that hijacks virtual machines and redirects their computational resources to mine cryptocurrency. One of the best features of VMTD is that it captures the signals used to identify threats without requiring additional software, so it incurs no performance cost on the guest.
This is a significant breakthrough, since traditional security software depends on running software agents inside the virtual machine to gather the signals and data that might indicate the presence of cyber threats, and those agents can have a negative performance impact. VMTD, on the other hand, extends the capabilities of SCC by using agentless memory scanning to identify risks inside Google Cloud VM-based systems.
This news follows Google's Threat Horizons report, published last November, which found that 86% of compromised Google Cloud instances were used for cryptocurrency mining and 10% were used to scan for other vulnerable instances. In nearly 75% of all cases, the attackers exploited poor customer security practices or vulnerable third-party software.
Such measures are a must, given that the cryptocurrency market has skyrocketed over the past couple of years.