Google Cloud Threat Horizons
Industry: N/A | Level: Strategic | Source: Google
Google's Cybersecurity Action Team publishes its Threat Horizons report, drawing on threat intelligence gathered by Google's Threat Analysis Group (TAG). The most prominent use of compromised instances has been cryptocurrency mining: in a review of 50 recently compromised GCP instances, 86% involved crypto mining. Further observations identified 10% of compromised instances used to scan the public internet for vulnerable systems, 8% to launch attacks against other targets, 6% to host malware, 4% to host unauthorized content, 2% to run DDoS bots, and 2% to send spam. (The percentages do not sum to 100% because some compromised instances were used for multiple malicious purposes.) Google attributes the majority of successful attacks to poor hygiene and a lack of control implementation; the most exploited weaknesses were weak or absent passwords and authentication, vulnerable third-party software, misconfigurations, and leaked credentials. Google's TAG also presents its tracking of phishing activity observed from APT28/Fancy Bear and high-level information on BlackMatter ransomware.
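The hygiene gaps Google names (weak or missing authentication, misconfiguration, credentials left where an attacker can read them) are the kind of thing a tenant can audit from its own inventory. The following is an added example, not code from the Threat Horizons report or from Google: a Python audit over a constructed inventory whose dict shapes follow the JSON that `gcloud compute firewall-rules list --format=json` and `gcloud compute instances list --format=json` emit. It flags ingress rules exposing SSH/RDP to 0.0.0.0/0, internet-facing instances without OS Login enforced at the instance level (so metadata-managed SSH keys or local accounts are in play), instances running as the default Compute Engine service account with the cloud-platform scope, and credential material embedded in instance metadata. All names, addresses and the secret patterns checked are assumptions of the example.

```python
"""Hygiene audit over a constructed GCP inventory (added example, not from the report).

The dict shapes follow `gcloud compute firewall-rules list --format=json` and
`gcloud compute instances list --format=json`; the data itself is made up.
"""
import re
from ipaddress import ip_network

ADMIN_PORTS = {22, 3389}  # SSH, RDP
CLOUD_PLATFORM = "https://www.googleapis.com/auth/cloud-platform"
# Assumed indicators of embedded credentials: PEM private key header or a GCP API key prefix.
SECRET_RE = re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----|AIza[0-9A-Za-z_\-]{35}")

FIREWALL_RULES = [  # constructed sample
    {"name": "default-allow-ssh", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-rdp-corp", "direction": "INGRESS", "sourceRanges": ["203.0.113.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
    {"name": "allow-internal", "direction": "INGRESS", "sourceRanges": ["10.128.0.0/9"],
     "allowed": [{"IPProtocol": "all"}]},
    {"name": "legacy-open-all", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["1-65535"]}], "disabled": True},
    {"name": "allow-web", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]},
]

INSTANCES = [  # constructed sample
    {"name": "batch-worker-1",
     "networkInterfaces": [{"accessConfigs": [{"natIP": "198.51.100.23"}]}],
     "metadata": {"items": [{"key": "startup-script",
                             "value": "echo '-----BEGIN PRIVATE KEY-----\\nMIIE...' > /opt/sa.key"}]},
     "serviceAccounts": [{"email": "123456789012-compute@developer.gserviceaccount.com",
                          "scopes": [CLOUD_PLATFORM]}]},
    {"name": "web-frontend",
     "networkInterfaces": [{"accessConfigs": [{"natIP": "198.51.100.24"}]}],
     "metadata": {"items": [{"key": "enable-oslogin", "value": "TRUE"}]},
     "serviceAccounts": [{"email": "web-sa@example-project.iam.gserviceaccount.com",
                          "scopes": ["https://www.googleapis.com/auth/logging.write"]}]},
    {"name": "internal-db",
     "networkInterfaces": [{}],  # no accessConfigs: no external IP
     "metadata": {"items": []},
     "serviceAccounts": [{"email": "123456789012-compute@developer.gserviceaccount.com",
                          "scopes": ["https://www.googleapis.com/auth/devstorage.read_only"]}]},
]


def _opens_admin_port(allowed):
    """True if an `allowed` list reaches TCP 22 or 3389 (or every port)."""
    for entry in allowed:
        proto = entry.get("IPProtocol", "")
        if proto == "all":
            return True
        if proto != "tcp":
            continue
        ports = entry.get("ports")
        if not ports:  # tcp with no port list means every tcp port
            return True
        for spec in ports:  # "22" or "1-65535"
            lo, _, hi = spec.partition("-")
            lo, hi = int(lo), int(hi or lo)
            if any(lo <= p <= hi for p in ADMIN_PORTS):
                return True
    return False


def audit_firewall_rules(rules):
    """Flag enabled ingress rules that expose SSH/RDP to the whole internet."""
    findings = []
    for rule in rules:
        if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
            continue
        world = any(ip_network(cidr, strict=False).prefixlen == 0
                    for cidr in rule.get("sourceRanges", []))
        if world and _opens_admin_port(rule.get("allowed", [])):
            findings.append((rule["name"], "SSH/RDP open to 0.0.0.0/0"))
    return findings


def audit_instances(instances):
    """Flag weak-auth, over-privileged-identity and leaked-credential indicators."""
    findings = []
    for inst in instances:
        name = inst["name"]
        meta = {i["key"]: i["value"] for i in inst.get("metadata", {}).get("items", [])}
        public = any(cfg.get("natIP") for nic in inst.get("networkInterfaces", [])
                     for cfg in nic.get("accessConfigs", []))
        # Only instance-level OS Login is checked; project-level metadata is not consulted (assumption).
        if public and meta.get("enable-oslogin", "").upper() != "TRUE":
            findings.append((name, "public IP without OS Login (metadata SSH keys / local accounts in use)"))
        for sa in inst.get("serviceAccounts", []):
            if (sa["email"].endswith("-compute@developer.gserviceaccount.com")
                    and CLOUD_PLATFORM in sa.get("scopes", [])):
                findings.append((name, "default Compute SA with cloud-platform scope"))
        for key, value in meta.items():
            if SECRET_RE.search(value):
                findings.append((name, f"credential material embedded in metadata '{key}'"))
    return findings


def audit(rules=FIREWALL_RULES, instances=INSTANCES):
    """Run both audits and return (target, issue) pairs."""
    return audit_firewall_rules(rules) + audit_instances(instances)


if __name__ == "__main__":
    for target, issue in audit():
        print(f"{target}: {issue}")
```

Against the constructed data the audit reports one firewall rule (`default-allow-ssh`) and three findings on `batch-worker-1`, while the hardened web host and the internal-only database pass. To run it on a real project, replace the two literals with `json.load` of the corresponding `gcloud ... --format=json` output; note that OS Login can also be enforced through project metadata, which this instance-level check does not see.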