Google Cloud Cryptomining Protection Program is part of the Security Command Center Premium service to help users detect cryptomining attacks. Credit: Pete Linforth Google Cloud has launched its Cryptomining Protection Program for Security Command Center (SCC) Premium customers with up to $1 million to cover unauthorized Google Cloud compute expenses associated with undetected cryptomining attacks. SCC Premium customers will have access to the new product for free. SCC Premium works with a pay-as-you-go pricing, and as one-year and multi-year fixed-price subscriptions. According to Google Cybersecurity Action Team (GCAT) September 2022 Threat Horizons Report, threat actors frequently targeted weak and default passwords to access Google Cloud accounts. Once inside the compromised cloud accounts, they performed cryptomining 65% of the time.“Security Command Center has rapidly become one of the most common tools for protecting Google Cloud environments,” Jess Leroy, senior director of product management, Google Cloud, tells CSO. “Fortune 10 companies through SMB organizations globally rely on Security Command Center Premium to protect their Google Cloud environments.” How Google Cloud’s Cryptomining Protection Program worksWhy is the Cryptomining Protection Program only available to SCC Premium? SCC Premium includes “comprehensive threat detection capabilities that are engineered into the Google Cloud infrastructure.” This includes cryptomining attack detection, the technology that underpins Google Cloud’s financial protection program. To detect such attacks, SCC Premium scans virtual machine memory for malware. The cloud provider says its approach enables it to detect attacks that could be missed by bolt-on security tools that rely on analysis of cloud logs and information gathered from APIs. The ultimate result would be Google identifying possible threats before they get explored. The full set of advanced detection capabilities for cryptomining can only be delivered by a product built into the cloud infrastructure.Another function of SCC Premium is to detect compromised identities, which are usually the entry point for attackers. It does this by detecting excessive failed attempts, anomalously long impersonation chains, dormant service account activity, and by using other functionalities. How the cover works and how to accessAll SCC Premium customers are eligible for this financial protection program as long as they follow the program terms and conditions including Cryptomining Detection Best Practices. “If Google or Security Command Center Premium fail to detect and notify the customer of a cryptomining attack in the customer’s compute engine VM environment, and the customer experiences compute engine costs resulting from the undetected attack, the customer can request cloud credits within 30 days from when the attack began to cover the unauthorized compute engine costs,” Leroy explains.Once a customer has raised the issue, Google will work with them to determine the compute engine costs incurred due to the cryptomining attack. The maximum number of credits issued under the program to any customer is up to US$1 million in any 12-month period. Related content news Singing River ransomware attack now thought to have affected over 895,000 The health care provider has dramatically increased its estimate of the number of patients affected by the August 2023 attack. By Shweta Sharma May 15, 2024 4 mins Data Breach Ransomware brandpost Sponsored by Sans Institute Clock is ticking for companies to prepare for EU NIS2 Directive Many companies are still not ready for the impact of NIS2, but SANS can help them prepare. By Laura McEwan May 15, 2024 3 mins Security feature Backlogs at National Vulnerability Database prompt action from NIST and CISA A crisis at the key US service for ranking vulnerabilities has been fueled by short resources and an explosion of security flaws as the volume of software production increases. By John Mello Jr. May 15, 2024 10 mins Threat and Vulnerability Management Security Practices Vulnerabilities news FBI warns Black Basta ransomware impacted over 500 organizations worldwide CISA advisory includes indicators of compromise and TTPs that can be used for threat hunting. By Lucian Constantin May 14, 2024 6 mins Ransomware Phishing Healthcare Industry PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe