Cryptomining is a pervasive and costly threat to cloud environments. A single attack can result in unauthorized compute costs of hundreds of thousands of dollars in just days. Further, the Google Cybersecurity Action Team (GCAT) September 2022 Threat Horizons Report revealed that 65% of compromised cloud accounts experienced cryptocurrency mining.
Stopping a cryptomining attack requires effective detection, which is why we have made it a focus of Security Command Center Premium, our built-in security and risk management solution for Google Cloud. To strengthen our customers’ confidence in their ability to quickly detect and stop cryptomining attacks, we are introducing a new Cryptomining Protection Program, which offers financial protection up to $1 million to cover unauthorized Google Cloud compute expenses associated with undetected cryptomining attacks for Security Command Center Premium customers.
Detecting cryptomining attacks
We are able to offer financial protection because Security Command Center Premium includes specialized detection capabilities that are engineered into the Google Cloud infrastructure. To detect cryptomining attacks, Security Command Center scans virtual machine memory for malware. It does this without agents, since agents can slow performance and increase an organization’s attack surface. Our approach enables us to detect attacks that could be missed by bolt-on security tools that rely on analysis of cloud logs and information gathered from APIs.
Security Command Center can also detect compromised identities, which allow attackers to gain unauthorized access to cloud accounts and quickly deploy cryptomining malware. This means Security Command Center can detect possible threats before an adversary can exploit compromised information to begin an attack. This full set of advanced detection capabilities for cryptomining can only be delivered by a product built into the cloud infrastructure.
Cryptomining Protection Program
Google Cloud customers using Security Command Center Premium who follow the program terms and conditions, including the Cryptomining Detection Best Practices, are eligible to participate in the program. Please see the Cryptomining Protection Program Overview for more information and eligibility criteria.
An example of Google Cloud’s shared fate model
Google Cloud’s shared fate approach to risk management puts our skin in the game when it comes to delivering security outcomes on our platform. We provide our customers with effective, built-in tools to detect one of the most common and costly cloud threats, and we offer financial protection if our efforts are unsuccessful.
“Cryptomining attacks continue to be a serious security and financial issue for organizations who do not have the right preventative controls and threat detection capabilities in their cloud environments. Google Cloud is taking an important step by providing built-in threat detection of unauthorized cryptomining, backed by real financial protection available to Security Command Center Premium customers, if an attacker evades their detection defenses. This shared fate approach to cloud security helps increase confidence among enterprise buyers when moving to the cloud,” said Philip Bues, research manager for cloud security, IDC.
To get started today with Security Command Center Premium, including our agentless cryptomining detection, go to the Google Cloud console. To learn more about the Security Command Center Cryptomining Protection Program, please read the Program Overview.