In a blog posted on February 8, Google has announced a new security include named Virtual Machine Threat Detection (VMTD) for Google Cloud users in its Security Command Center (SCC) area that is intended to recognize and block crypto-mining malware attacks or “cryptojacking” that might be occurring behind the owners’ backs.

Google said this new feature is an agentless system that ceaselessly examines the memory of virtual machines sent in Google Cloud environments for indications of expanded CPU or GPU utilization- specific to crypto mining operations.

To keep away from false-positive detections, the element has been left disabled as a matter of course; in any case, any client can enable it for their GCP VMs. They can do this by going to the Settings page of their Security Command Center and looking under the Manage Settings segment.

According to Google, this feature will just work with non-sensitive memory, and VMTD won't handle memory from hubs set apart as "Confidential."

Also Read | Google warns 'Malicious Actors' performing crypto mining using compromised cloud accounts

VMTD has started carrying out today for public preview, so occupants are suggested to enable it for more modest bits of their nodes and watch out for its effect on performance.

“Over the next months as we move VMTD towards general availability, you can expect to see a steady release of new detective capabilities and integrations with other parts of Google Cloud,” said Timothy Peacock, Product Manager for Google Cloud.

When the feature arrives at general accessibility and is considered stable, VMTD will in all likelihood turn into a must-use use security feature.

In a report published last year, the Google Cloud team said that after analyzing 50 as of late compromised GCP cases, 86% were tainted with crypto mining payloads that capture tenants’ assets, for example, the CPU or RAM to dig cryptocurrency for the attacker.

“They can go and sell that access on the black market. And somebody bigger and worse may buy that, and do something more detrimental,” said Roger Koehler, vice president of threat ops at managed detection and response firm Huntress.

Generally speaking, these attackers enter client accounts through poorly configured systems and afterward grow to whole internal networks, so administrators will in all probability need to enable VMTD in any event, for systems that are not straightforwardly accessible through the internet, just to be confirmed.

“We’re just bringing all that knowledge, with a little bit of enterprise consumption, to any enterprise customer who wants to move their VMs over,” said Potti, vice president, and general manager for Google Cloud’s security business.

Joyashree Dey

CBW - External Analyst

INDIA