
Google Cloud launches agentless cryptojacking malware scanner

The new security feature is designed to hunt down instances of cryptojacking.
Written by Charlie Osborne, Contributor on

Google Cloud has announced a new security feature designed to hunt down instances of cryptojacking.

On Monday, the tech giant said the public preview of Virtual Machine Threat Detection (VMTD) is now available in the Security Command Center (SCC). The SCC is a platform for detecting threats against cloud assets by scanning for security vulnerabilities and misconfigurations. 

Timothy Peacock, Product Manager at Google Cloud, said that as organizations continue to migrate to the cloud, workloads are often handled with VM-based architectures. 

Cloud environments are also a prime target for cyberattackers seeking out valuable data, as well as those intending to execute cryptocurrency mining malware. 

Cryptocurrency miners such as XMRig are legitimate programs for mining coins. In the hands of threat actors, however, cryptominers can be abused and run without permission on cloud systems.

In what are known as cryptojacking attacks, miners are deployed on compromised systems to steal the victim's compute resources. Cryptocurrencies, including Monero (XMR), are often mined by cybercriminals in this way, and the coins are sent to wallets controlled by the malware's operators.

According to Google's latest Threat Horizons report (.PDF), out of a sample of compromised instances, 86% were used for cryptocurrency mining and 10% were used to perform scans for other vulnerable instances.

To combat the specter of cryptojacking attacks against VMs operating in Google Cloud, the company's VMTD solution will provide "agentless memory scanning" inside SCC.

"Traditional endpoint security relies on deploying software agents inside a guest virtual machine to gather signals and telemetry to inform runtime threat detection," Peacock said. "But as is the case in many other areas of infrastructure security, cloud technology offers the ability to rethink existing models."

Google's approach is to instruct the hypervisor to collect signals that may indicate infection. VMTD will start as a means to detect cryptocurrency mining, but as it hits general availability, the system will be integrated with other Google Cloud functions. 

Users can choose to try out VMTD by enabling it in SCC settings. The service is opt-in and customers can choose the scope of the scanner. 
