Google Cloud Launches VM Threat Detection Service Aimed At Crypto-mining Malware

Google Cloud, the cloud services arm of parent company Alphabet, has launched a threat detection service for clients who run virtual machines. The service will allow users to detect crypto-mining malware in virtual machine environments in the cloud.

The Google Cybersecurity Team (GCAT) has developed the threat detection service to defend Google Cloud users who may be operating from "poorly configured" cloud accounts, which its research has shown to be highly vulnerable to malicious cryptocurrency mining schemes. The new security protocol will form a layer within Google Cloud's Security Command Center (SCC).

"The economy of scale enabled by the cloud can help fundamentally change the way security is executed for any business operating in today’s threat landscape. As more companies adopt cloud technologies, security solutions built into cloud platforms help address emerging threats for more and more organizations," shares Timothy Peacock, Product Manager at Google Cloud.

Dubbed Virtual Machine Threat Detection (VMTD), the threat detection layer is the first of its kind from a major cloud services provider such as Google Cloud. VMTD will provide agentless memory scanning, which will prevent "cryptojacking" malware that is usually deployed inconspicuously on unsuspecting virtual machines. The term "agentless" has been subjected to criticism because it implies that, in this context, Google Cloud will not have any data or privacy footprint in the virtual machines protected by its protocol, but such a method will also require anti-malware offloading measures from inside a virtual machine instance (remote introspection).

Google Cloud says that it does away with traditional endpoint security methods, which require guest virtual machines to gather signals and telemetry patterns to inform runtime threat detection. The cloud platform claims that the new protocol will collect signals without requiring users to run additional software, which means that the collection of threat signals will be done natively, improving performance and lowering the operational resources the virtual machine needs to run. In this case, the method would also reduce the attack surface that is exposed to threat actors. Google Cloud plans to implement this by instrumenting its cloud hypervisor (a virtual machine's overview monitor) so that it already includes the threat detection service.

According to GCAT's Threat Horizons intelligence report, some 86% of 50 compromised cloud instances (containers) were utilized to perform cryptocurrency mining without the knowledge or consent of the users who operate these cloud instances. According to the report, GPU resources on the cloud have repeatedly been abused in “cloud resource-intensive for-profit activity” involving crypto mining algorithms.
