The report dubbed Threat Horizons indicated [PDF] that 86% of the hacked accounts were deployed for crypto mining, with the search giant terming the activity as cloud resource-intensive for-profit. Google added that almost 10% of the compromised accounts were used to conduct scans of other publicly available internet resources to identify vulnerable systems. Elsewhere, another 8% of the hacked accounts were leveraged to attack other targets. The report also noted that most of the successful attacks for mining are due to poor passwords by users and a lack of basic control implementation. Google added that the cloud platform is also increasingly witnessing phishing campaigns and ransomware. Interestingly, 58% of cryptocurrency mining software breaches were downloaded within 22 seconds of the account being compromised. Additionally, Google said that the hackers did not appear interested in stealing victims’ data, but compromising the accounts remains a significant risk.
Threat from Russian hackers
At the same time, Google added that Russian government-backed hacking group APT28, also known as Fancy Bear, attacked about 12,000 Gmail accounts in a mass phishing attempt, tricking users into handing over their login details. Google also revealed that another hacking involved a North Korea-backed hacker group posing as recruiters at Samsung and sending fake job opportunities to South Korean information security firms employees. The report urged users to improve their security by incorporating two-factor authentication – an extra layer of security on top of the generic username and password alongside signing up to its work safer security program. [coinbase]
