Comment
Author: Admin | 2025-04-28
At Google we have an immense aperture into the global cybersecurity threat landscape and the means to mitigate risks that stem from those threats. With our recently launched Google Cybersecurity Action Team, we are bringing more of our security abilities and advisory services to our customers to increase their defenses. A big part of this is to bridge our collective threat intelligence to yield specific insights, such as when malicious hackers exploit improperly-secured cloud instances to download cryptocurrency mining software to the system—sometimes within 22 seconds of being compromised. This is one of several observations that we have published in the first issue of the Threat Horizons report (read the executive summary or the full report.) The report highlights recent observations from the Google Threat Analysis Group (TAG), Google Cloud Security and Trust Center, Google Cloud Threat Intelligence for Chronicle, Trust and Safety, and other internal teams who collectively work to protect our customers and users.The report’s goal is to provide actionable intelligence that enables organizations to ensure their cloud environments are best protected against ever-evolving threats. In this and future threat intelligence reports, the Google Cybersecurity Action Team will provide threat horizon scanning, trend tracking, and Early Warning announcements about emerging threats requiring immediate action.While cloud customers continue to face a variety of threats across applications and infrastructure, many successful attacks are due to poor hygiene and a lack of basic control implementation. Most recently, our internal security teams have responded to cryptocurrency mining abuse, phishing campaigns, and ransomware. Given these specific observations and general threats, organizations that put emphasis on secure implementation, monitoring and ongoing assurance will be more successful in mitigating these threats or at the very least reduce their overall impact.The cloud threat landscape in 2021 was more complex than just rogue cryptocurrency miners, of course. Google researchers from TAG exposed a credential phishing attack by Russian government-supported APT28/Fancy Bear at the end of September that Google successfully blocked; a North Korean government-backed threat group which posed as Samsung recruiters to send malicious attachments to employees at several South Korean anti-malware cybersecurity companies; and detected customer
Add Comment