On its official blog, Google Cloud announced a new layer of threat detection in its Security Command Center, named Virtual Machine Threat Detection (VMTD). According to the announcement, the new security service will scan virtual machine instances running on Google Cloud to monitor for cryptomining threats without requiring customers to install any new software on the machines.
The new layer of security follows a report released by Google in November last year stating:
86% of the compromised Google Cloud instances were used to perform cryptocurrency mining, a cloud resource-intensive for-profit activity, and that attackers took advantage of poor customer security practices or vulnerable third-party software in nearly 75% of all cases.
Additionally, Google said that it would offer the new security feature on an opt-in basis rather than forcing customers to accept it. It will also encrypt memory as data moves from the CPU to RAM, as a way to maintain customer trust.
Cryptojacking, otherwise known as crypto-mining attacks, has been steadily increasing over the past few years, peaking at an all-time high in April of last year. Several reports found in 2018 that at least 55% of businesses worldwide were affected by the attacks, including the Google-owned YouTube, whose ads were used by hackers to harness computing power without authorization.
As part of the product roadmap, it was decided that the Security Command Center team would build a stronger protection system for its virtual machine users. The result is VMTD, which provides agentless memory scanning to detect threats such as crypto-mining malware. In addition to protecting users from coin mining, VMTD also offers them security against data exfiltration and ransomware.
Ransomware attacks flourished in 2021, reaching their highest levels in April 2021. Some commentators have suggested that the rise in ransomware attacks paralleled the meteoric rise of cryptocurrencies; regulators and players in the cryptosphere have both taken steps to blunt the bad practices.