Google Cloud has announced a new security feature designed to hunt down instances of cryptojacking.
On Monday, the tech giant said the public preview of Virtual Machine Threat Detection (VMTD) is now available in the Security Command Center (SCC). The SCC is a platform for detecting threats against cloud assets by scanning for security vulnerabilities and misconfigurations.
Timothy Peacock, Product Manager at Google Cloud, said that as organizations continue to migrate to the cloud, workloads are often handled with VM-based architectures.
Cloud environments are also a prime target for cyberattackers seeking out valuable data, as well as those intending to execute cryptocurrency mining malware.
Cryptocurrency miners such as XMRig are legitimate programs for mining coins. In the hands of threat actors, however, cryptominers can be abused and used without permission on cloud systems.
In what are known as cryptojacking attacks, miners are deployed on compromised systems to steal the victim’s compute resources. Cryptocurrencies including Monero (XMR) are often mined by cybercriminals in this way, and the coins are sent to wallets controlled by the malware’s operators.
According to Google’s latest Threat Horizons report (.PDF), out of a sample of compromised instances, 86% were used for cryptocurrency mining and 10% were used to