- Google’s Cybersecurity Action Team reported that 65% of compromised cloud accounts involved cryptocurrency mining.
- If the protection doesn’t shield premium customers from cryptomining attacks, Google is prepared to reimburse up to $1 million in unauthorized Google Cloud compute expenses.
Google Cloud has taken another bold stride in ensuring customer safety by offering up to $1 million in protection for costs incurred during undetected crypto-mining attacks. This step signals a significant advancement in cloud security, particularly concerning the growing threat of crypto mining scams.
In a recent report by Google’s Cybersecurity Action Team, they disclosed a concerning trend: 65% of cases involving compromised cloud accounts saw hackers engaging in cryptocurrency mining. With the attacks often partially or entirely automated, they’ve become quick and easy to carry out, making them a pervasive issue for organizations needing the proper preventative controls and threat detection capabilities in their cloud environments.
These stealthy attacks, often unnoticed until legitimate workloads’ performance starts lagging and computing costs spike, have risen. But with Google’s unwavering commitment to customer security, they’ve responded proactively with an industry-first move.
Google Cloud’s Security Command Center Premium subscribers are now entitled to a hefty coverage plan prepared to foot the bill if a crypto mining attack goes undetected. It’s a striking illustration of the company’s dedication to going above and beyond in safeguarding its customers’ assets.
A Groundbreaking Protection Program
While impressive, the Cryptomining Protection Program is a robust risk-management solution that still comes with strict terms and conditions. It emphasizes the importance of adhering to the prescribed best practices. If, despite implementing these practices, the service fails to detect and notify customers of a crypto mining attack, credits can be requested within a 30-day timeframe from the initiation of the attack.
However, it’s important to note that the response and remediation efforts remain the customer’s sole responsibility. Google’s role is limited to promptly identifying and informing customers about the presence of such attacks. The program exclusively covers Compute Engine Virtual Machine types and compute environments supported by the Security Command Center Premium’s Virtual Machine Threat Detection.
Swift Detection, No Agents Required
One of the unique elements of Google’s crypto-mining protection is the absence of agents, which can slow performance and increase an organization’s attack surface. Instead, Google Cloud’s security service scans virtual machine memory for mining malware, enabling it to detect attacks potentially missed by bolt-on security tools that rely on analyzing cloud logs and information gathered from APIs.
If this proactive protection doesn’t shield premium customers from crypto mining attacks, Google is prepared to reimburse up to $1 million in unauthorized Google Cloud compute expenses. Remember, this program has nothing to do with Bitcoin mining and is available only for people using mining software, with one of the most commonly mined tokens being monero (XMR).
Google’s bold move sends a clear message to all cloud service users and providers: The era of crypto mining attacks being a silently tolerated menace is coming to an end. With more cloud security measures likely to follow suit, it’s an encouraging sign for users that their digital safety is being prioritized.
