This article is more than 1 year old

Google puts $1M behind its promise to detect cryptomining malware

If the chocolate factory's scans don't stop the miners, customers don't foot the bill

Google Cloud has put $1 million on the table to cover customers' unauthorized compute expenses stemming from cryptomining attacks if its sensors don't spot these illicit miners.

Unlike their louder, flashier counterparts (looking at you, ransomware crews), cryptominers are stealthier. Once they've broken into a victims' compute environment — often via compromised credentials — they keep quiet, deploying mining malware and then raking in cryptocurrencies using the stolen compute resources. 

This goes on until they get caught, which usually happens when a victim notices other legit workloads' performance lagging while their computing costs spike.

Plus, according to security researchers, illicit mining is on the rise. Google's Cybersecurity Action Team found that 65 percent of compromised cloud accounts experienced cryptocurrency mining [PDF]. 

The chocolate factory is confident that it can promptly detect and stop these attacks, and to that end it is adding cryptoming protection with up to $1 million to cover unauthorized Google Cloud compute expenses associated with undetected cryptomining attacks for its Security Command Center Premium customers.

Security Command Center is Google Cloud's built-in security and security and risk-management platform, and the new service scans virtual machine memory for mining malware. In a blog post today, Google Cloud's Greg Smith and Tim Peacock describe the cryptomining detector thus:

It does this without agents, which can slow performance and increase an organization's attack surface. Our approach enables us to detect attacks that could be missed by bolt-on security tools that rely on analysis of cloud logs and information gathered from APIs.

And, if this doesn't protect the cloud security product's premium customers, then Google will reimburse them up to $1 million. 

Earlier this year, security researchers uncovered a sneaky mining botnet dubbed HeadCrab that uses bespoke malware to mine for Monero crytocurrency and infected at least 1,200 Redis servers in the last 18 months.

The compromised servers span the US, UK, German, India, Malaysia, China and other countries, according to Aqua Security's Nautilus researchers, who discovered the HeadCrab malware and have now found a way to detect it.

Based on the attacker's Monero wallet, the researchers estimate that the crooks expected an annual profit of about $4,500 per infected worker. ®

More about


Send us news

Other stories you might like