Google puts $1M behind its promise to detect cryptomining malware

Google Cloud has put $1 million on the table to cover customers’ unauthorized compute expenses stemming from cryptomining attacks if its sensors don’t spot these illicit miners.

Unlike their louder, flashier counterparts (looking at you, ransomware crews), cryptominers are stealthier. Once they’ve broken into a victims’ compute environment — often via compromised credentials — they keep quiet, deploying mining malware and then raking in cryptocurrencies using the stolen compute resources. 

This goes on until they get caught, which usually happens when a victim notices other legit workloads’ performance lagging while their computing costs spike.

Plus, according to security researchers, illicit mining is on the rise. Google’s Cybersecurity Action Team found that 65 percent of compromised cloud accounts experienced cryptocurrency mining [PDF]. 

The chocolate factory is confident that it can promptly detect and stop these attacks, and to that end it is adding cryptoming protection with up to $1 million to cover unauthorized Google Cloud compute expenses associated with undetected cryptomining attacks for its Security Command Center Premium customers.

Security Command Center is Google Cloud’s built-in security and security and risk-management platform, and the new service scans virtual machine memory for mining malware. In a blog post today, Google Cloud’s Greg Smith and Tim Peacock describe the cryptomining detector thus:

And, if this doesn’t protect the cloud security product’s premium customers, then Google will reimburse them up to $1 million. 

Earlier this year, security researchers uncovered a sneaky mining botnet dubbed HeadCrab that uses bespoke malware to mine for Monero crytocurrency and infected at least 1,200 Redis servers in the last 18 months.

The compromised servers span the US, UK, German, India, Malaysia, China and other countries, according to Aqua Security’s Nautilus researchers, who discovered the HeadCrab malware and have now found a way to detect it.

Based on the attacker’s Monero wallet, the researchers estimate that the crooks expected an annual profit of about $4,500 per infected worker. ®