Quote
Time was of the essence in the compromise of the Google Cloud instances. The shortest amount of time between deploying a vulnerable Cloud instance exposed to the Internet and its compromise was determined to be as little as 30 minutes. In 40% of instances the time to compromise was under eight hours. This suggests that the public IP address space is routinely scanned for vulnerable Cloud instances. It will not be a matter of if a vulnerable Cloud instance is detected, but rather when.
Analysis of the systems used to perform unauthorized cryptocurrency mining, where timeline information was available, revealed that in 58% of situations the cryptocurrency mining software was downloaded to the system within 22 seconds of being compromised as shown in Figure 1. This suggests that the initial attacks and subsequent downloads were scripted events not requiring human intervention. The ability to manually intervene in these situations to prevent exploitation is nearly impossible. The best defense would be to not deploy a vulnerable system or have automated response mechanisms.
Analysis of the systems used to perform unauthorized cryptocurrency mining, where timeline information was available, revealed that in 58% of situations the cryptocurrency mining software was downloaded to the system within 22 seconds of being compromised as shown in Figure 1. This suggests that the initial attacks and subsequent downloads were scripted events not requiring human intervention. The ability to manually intervene in these situations to prevent exploitation is nearly impossible. The best defense would be to not deploy a vulnerable system or have automated response mechanisms.
For sucurity and safety:
Enssuring email best practice
Use of authentication for account security
The use of Tor should also help by relaying different circutes (I guessed this because IP address are first targeted, not account)
To read the full report:
https://services.google.com/fh/files/misc/gcat_threathorizons_full_nov2021.pdf
Or best to avoid Google Cloud?