Google has launched today a new security feature for Google Cloud tenants that is meant to detect and block cryptomining operations that may be taking place behind the owners' backs.
NamedVirtual Machine Threat Detection(VMTD), Google said this new feature is an agentless system that continually scans the memory of virtual machines deployed in Google Cloud environments for tell-tale signs of increased CPU or GPU usage—specific to cryptomining operations.
To avoid false-positive detections, the feature has been left disabled by default; however, any customer can enable it for their GCP VMs. They can do this by going to the Settings page of their Security Command Center and looking under the Manage Settings section.
Google said the feature will only work with non-sensitive memory, and VMTD will not process memory from nodes marked as "Confidential."
VMTD has begun rolling out today for public preview, so tenants are recommended to enable it for smaller portions of their nodes and keep a close eye on its impact on performance.
"Over the next months as we move VMTD towards general availability, you can expect to see a steady release of new detective capabilities and integrations with other parts of Google Cloud," said Timothy Peaco*ck, Product Manager for Google Cloud.
Once the feature reaches general availability and is deemed stable, VMTD will most likely become a must-use security feature.
In areportpublished last year, the Google Cloud team said that after analyzing 50 recently compromised GCP instances, 86% were infected with cryptomining payloads that hijack tenants' resources such as the CPU or RAM to mine cryptocurrency for the attacker.
In many cases, these attackers enter customer accounts through one misconfigured system and then expand to entire internal networks, so administrators will most likely have to enable VMTD even for systems that are not directly available via the internet, just to be sure.
Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
Catalin Cimpanu
is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.
FAQs
Google has launched today a new security feature for Google Cloud tenants that is meant to detect and block cryptomining operations that may be taking place behind the owners' backs.
Does Google Cloud allow crypto mining? ›
It is indeed not allowed to perform cryptocurrency mining, as stated on this line: "2.2 Customer may not use the Services to engage in mining cryptocurrency;", to be found on the "Supplemental Terms and Conditions For Google Cloud Platform Free Trial" page.
What is GCP event threat detection? ›
Event Threat Detection is a built-in service for the Security Command Center Premium tier that continuously monitors your organization or projects and identifies threats within your systems in near-real time.
What are the threats to Google cloud? ›
Emerging Threats and Persistent Challenges: The report underscores the persistence of credential abuse, cryptomining, ransomware, and data theft as top cloud security concerns in 2024.
What is Bitdefender cryptomining protection? ›
– Bitdefender, a global cybersecurity leader, today announced Cryptomining Protection, the first cryptomining management feature that allows users to both protect against malicious cryptojacking and manage their own legitimate cyptomining initiatives on their Windows PCs.
Can AWS detect crypto mining? ›
Customers can use AWS IoT Device Defender to help audit and monitor their edge device fleet. In this blog post, we show you the steps involved in helping to detect and mitigate cryptocurrency mining threats on edge devices using AWS IoT Device Defender custom metrics.
What crypto mining apps did Google ban? ›
Due to this, Google has changed its Play Store Developer Policy. “We don't allow apps that mine cryptocurrency on devices,” reads the entry included in the policy. Mining activities have a high impact for all the victims that are included in this schema.
What is cloud threat detection? ›
Cloud detection and response solutions continuously aggregate, normalize and analyze large volumes of data about accounts, privileges, configurations, and activity from SaaS and cloud services to provide insights, situational visibility, and alerts around risks and threats.
What is advanced threat detection? ›
Advanced threat detection (ATD) appliances are used as an extra security approach to examine all communications that standard layers of security controls have allowed to pass.
What is threat detection in cloud computing? ›
Threat detection is the practice of continuously analyzing IT ecosystems to identify potentially malicious activity that could compromise security.
The complexity of the cloud exists because the cloud vendors allows a user to do advanced things if the user understands how. Using AWS, GCP, and Azure as Infrastructure-as-a-Service (Iaas) means that there's no easy mode. If you want easy (or easier) mode, you'll have to use a Platform-as-a-Service (PaaS).
What is Google's biggest threat? ›
Competitors: The primary threat that Google faces is from its competitors Facebook and Amazon. The two competitors are slowly catching up with Google. Their new features and increasing popularity can take the spotlight away from Google.
Can your Google Cloud be hacked? ›
Google Cloud credentials control access to your resources hosted on Google Cloud. To help keep your data secure and protected from attackers, you must handle your credentials with utmost care. We recommend that you protect all of your Google Cloud credentials from unintended access.
Should I enable cryptomining protection? ›
In this context, Cryptomining Protection helps ensure Bitdefender users remain aware and protected against unauthorized system breaches that reduce device performance, increase electricity costs, shorten device lifespan, and impose security risks to their overall systems.
What are cryptomining attacks? ›
Cryptojacking is a type of cybercrime that involves the unauthorized use of people's devices (computers, smartphones, tablets, or even servers) by cybercriminals to mine for cryptocurrency.
What is cryptomining in cyber security? ›
Cryptomining malware is specifically designed to exploit a target's computer resources, often through a browser or JavaScript. After getting infected with cryptominer malware through a link or other malicious source, the cryptojacking code embeds itself in your machine.
Is Google Forms Bitcoin mining legit? ›
One of many outcomes is the website claims that you have won a large amount of money from Bitcoin mining and asks you to pay a small fee to claim it. Of course, this is a fraud. This scam is very elaborate and convincing, but some signs can help you spot it and avoid it.
Is cloud crypto mining legit? ›
Most, if not all, cloud mining companies today are either plain scams or work through an ineffective business model. By ineffective I mean that you will either lose money or earn less than you would have by just buying and holding Bitcoins. That's cloud mining in a nutshell.
How to mine crypto on cloud for free? ›
Earn Real Bitcoins Effortlessly with Cloud Miner
- Fuel Up with Sparks. These are essential for mining blocks. ...
- Initiate Mining. Select a block to mine and let the countdown begin.
- Claim Your Bitcoins. Once the countdown ends, your reward awaits. ...
- Keep Going.
Back in 2018, Google's cloud segment added support for Bitcoin and Ethereum on BigQuery. And with the advent of ordinals, essentially Bitcoin NFTs, coming to the network in January 2023, Google is also now allowing developers to query satoshis and/or ordinals from the Bitcoin dataset on BigQuery.
