Google Cloud introduced Virtual Machine Threat Detection (VMTD) on Monday, a capability that will detect malware mining cryptocurrency in a compromised Cloud account. “VMTD is a market-first detection capability from a major cloud provider that provides agentless memory scanning to help detect threats such as cryptomining malware within its virtual machines running on Google Cloud,” according to a Google blog post.
This development comes after the company said in November that cybercriminals were hacking Google Cloud accounts to mine cryptocurrency. Google’s cloud service is one of the most popular remote storage systems: the tech giant stores customer data and files on a remote server, and that server is technically capable of being used for crypto mining. Cryptocurrency mining requires high-powered computers, which compete to solve complex mathematical puzzles in a process that makes intensive use of computing power and electricity.
What is VMTD?
VMTD will be able to protect Google Cloud Platform customers against attacks such as data exfiltration and ransomware, the blog said. In terms of detecting crypto mining activities, VMTD will work without the need for additional software. The feature is being rolled out as a “public preview,” which means users can explore it and provide feedback. Google will integrate VMTD with other parts of its service in the coming months.
To enable VMTD on your cloud, open the Settings page in Security Command Center and click “Manage Settings” under Virtual Machine Threat Detection. You can then select a scope for VMTD.
Interestingly, Google noted that of 50 percent of attacks on its cloud computing service, more than 80 percent were used to mine cryptocurrencies. Cloud customers continue to face a variety of application and infrastructure threats, with many successful attacks due “to poor hygiene and lack of basic control implementation,” Google said in its blog post.
Additionally, 10% of compromised cloud instances were used to perform scans of other publicly available resources on the Internet to identify vulnerable systems, and 8% of instances were used to attack other targets. “While data theft does not appear to be the goal of these compromises, it remains a risk associated with cloud asset compromises as bad actors begin to engage in multiple forms of abuse,” Google added.