Google Cloud launches Cryptomining Protection Program

Google Cloud has launched its Cryptomining Protection Program for Security Command Center (SCC) Premium customers with up to $1 million to cover unauthorized Google Cloud compute expenses associated with undetected cryptomining attacks. SCC Premium customers will have access to the new product for free. SCC Premium works with a pay-as-you-go pricing, and as one-year and multi-year fixed-price subscriptions. 

According to Google Cybersecurity Action Team (GCAT) September 2022 Threat Horizons Report, threat actors frequently targeted weak and default passwords to access Google Cloud accounts. Once inside the compromised cloud accounts, they performed cryptomining 65% of the time.

“Security Command Center has rapidly become one of the most common tools for protecting Google Cloud environments,” Jess Leroy, senior director of product management, Google Cloud, tells CSO. “Fortune 10 companies through SMB organizations globally rely on Security Command Center Premium to protect their Google Cloud environments.”

How Google Cloud’s Cryptomining Protection Program works

Why is the Cryptomining Protection Program only available to SCC Premium? SCC Premium includes “comprehensive threat detection capabilities that are engineered into the Google Cloud infrastructure.” This includes cryptomining attack detection, the technology that underpins Google Cloud’s financial protection program. 

To detect such attacks, SCC Premium scans virtual machine memory for malware. The cloud provider says its approach enables it to detect attacks that could be missed by bolt-on security tools that rely on analysis of cloud logs and information gathered from APIs. The ultimate result would be Google identifying possible threats before they get explored. The full set of advanced detection capabilities for cryptomining can only be delivered by a product built into the cloud infrastructure.

Another function of SCC Premium is to detect compromised identities, which are usually the entry point for attackers. It does this by detecting excessive failed attempts, anomalously long impersonation chains, dormant service account activity, and by using other functionalities.

How the cover works and how to access

All SCC Premium customers are eligible for this financial protection program as long as they follow the program terms and conditions including Cryptomining Detection Best Practices. “If Google or Security Command Center Premium fail to detect and notify the customer of a cryptomining attack in the customer’s compute engine VM environment, and the customer experiences compute engine costs resulting from the undetected attack, the customer can request cloud credits within 30 days from when the attack began to cover the unauthorized compute engine costs,” Leroy explains.

Once a customer has raised the issue, Google will work with them to determine the compute engine costs incurred due to the cryptomining attack. The maximum number of credits issued under the program to any customer is up to US$1 million in any 12-month period.