Google Cloud got a tool for detecting cryptocurrency miners
Google has launched a new security feature, Virtual Machine Threat Detection (VMTD), designed for Google Cloud customers. This feature is used to detect and block cryptocurrency miners that can mine virtual money without users knowing.
According to last year’s statistics, miners account for more than 86% of all cloud node compromises.
VMTD works without the use of software agents and constantly scans the memory of virtual machines deployed in Google Cloud for signs of increased CPU or GPU load, that is, the characteristic signs of miners.
At the same time, the company emphasizes that VMTD will only work with non-confidential memory, that is, it will not process the memory of Confidential nodes.
To avoid false positives, the feature is disabled by default, but paid users can enable it in the Security Command Center settings, where it is an add-on for Event Threat Detection and Container Threat Detection.
While the functionality is in public preview mode, customers are advised to enable the new protection only for small portions of their nodes and closely monitor the performance impact of VMTD.
Let me also remind you that, for example, Developers built a miner for cryptocurrency into Norton 360 antivirus is completely official.
You might also be interested to know that During five years of operation, the No More Ransom project helped to save $900 million from ransomware.