Google Cloud has announced a new feature to detect crypto mining and prevent miners from using its service. The company said the service is designed to “prevent instances running cryptocurrency mining software.”
Crypto mining involves investing in hardware and software to solve complex math problems, with the calculations recorded digitally on the blockchain. Miners are paid for recording these transactions, receiving digital coins as payment, which they can then sell if they choose.
However, for miners to be effective, they would need to maintain an always-on machine and the system that records all of the miners’; in turn, computing power must scale. If it doesn’t, the calculations become more demanding and costly.
Google has been working on this issue since July this year. It has hired researchers from MIT Media Lab who helped develop a new technology that can detect “potential malicious behavior.” Until now, developers have used similar technology to identify malicious code written by hackers.
The new technology will use machine learning to identify specific patterns of activity that can indicate miners trying to hide their activities.
“We are able to detect crypto mining behavior by analyzing the system calls made by an application,” wrote Google software engineer Doug Beaver in a blog post announcing the new feature.
“These system calls are used by applications in a way that is very similar to the hashing and cryptographic operations that crypto mining packages employ. The crypto mining process relies on large numbers of parallel operations. When we see this type of system call pattern on our cloud providers, we can use it as a signal to detect crypto mining.”
The App Engine, Compute Engine, and Container Engine platforms of Google Cloud Platform received the capability on Tuesday.
Virtual Machine Threat Detection (VMTD) is a new function that, Google said in a blog post, has been made available as a public preview to customers of Google Cloud’s Security Command Center Premium offering.
Using “agentless memory scanning,” VMTD is intended to detect cyber risks such as crypto-mining malware on virtual machines running on Google Cloud.
VMTD will not require any additional software agents to detect crypto mining operations in virtual machines, according to the company.
In traditional endpoint security, software agents are placed within a guest virtual machine to identify attacks. However, Google stated that it intended to detect cyber dangers such as crypto-mining malware using its Compute Engine without the use of any software agents. The company also mentioned the motive behind agentless storage scans.
According to a Google Cloud blog post, without software agents, “there is less performance impact, less operational overhead for agent deployment and management, and less potential attack surface.”
“It runs behind a hypervisor, and can be adjusted to customer virtual machines to incorporate threat detection that is practically ubiquitous and tough to manage,” Google Cloud noted.
A little about what Google Cloud does:
Google Cloud provides a data center environment on the internet, from which customers can store data for use on servers or mobile devices. It offers a range of storage and computing services, including BigQuery.
Google Cloud Storage is an online file storage service that allows users to store files securely and efficiently manage their content across all devices they use.
Google provides admins with a cloud-based file server that can be accessed via the Google Drive desktop application or web interface, or individual private keys.
Google Cloud SQL is a fully-managed MySQL, Postgres, or MariaDB database engine. Google maintains the database and stores the data across multiple redundant storage servers to ensure high availability.
Edited By: Mahi Gupta
Published By: Shramana Sengupta