Google Cloud’s Cryptomining Protection Program


Key Points
Cryptomining attacks pose a significant and costly threat to cloud environments, with unauthorized compute costs reaching hundreds of thousands of dollars within a matter of days. The Google Cybersecurity Action Team (GCAT) September 2022 Threat Horizons Report revealed that 65% of compromised cloud accounts experienced cryptocurrency mining.


Detecting Cryptomining Attacks

The ability to detect cryptomining attacks is crucial in preventing their costly consequences. Google Cloud’s Security Command Center Premium includes specialized detection capabilities that are built into the Google Cloud infrastructure. Security Command Center scans virtual machine memory for malware without requiring agents; agents can degrade performance and increase an organization’s attack surface. This approach enables the detection of attacks that may be overlooked by add-on security tools that rely solely on analyzing cloud logs and API-based information. Additionally, Security Command Center can identify compromised identities that allow attackers to gain unauthorized access to cloud accounts and rapidly deploy cryptomining malware. By detecting potential threats before adversaries can exploit compromised information, Security Command Center provides comprehensive and advanced cryptomining attack detection capabilities that can only be achieved through a product built into the cloud infrastructure.

Cryptomining Protection Program

Security Command Center Premium customers who adhere to the program’s terms and conditions, including Cryptomining Detection Best Practices, are eligible to participate in the Cryptomining Protection Program. This program provides financial protection to cover unauthorized Google Cloud compute expenses associated with undetected cryptomining attacks. To learn more about the program and its eligibility criteria, customers can refer to the Cryptomining Protection Program Overview.

Google Cloud’s Shared Fate Model

At Google Cloud, risk management is approached through a shared fate model, emphasizing our commitment to delivering robust security outcomes on our platform. By providing customers with effective built-in tools to detect one of the most prevalent and costly cloud threats, Google Cloud takes responsibility for ensuring security. In the event that our detection efforts are unsuccessful, the Cryptomining Protection Program offers financial protection to affected customers. This shared fate approach to cloud security enhances confidence among enterprise buyers when transitioning to the cloud, knowing that they are supported by a provider that actively mitigates risks and provides financial recourse.

Expert Perspective

Philip Bues, research manager for cloud security at IDC, emphasized the seriousness of cryptomining attacks and the significance of preventive controls and threat detection capabilities in cloud environments. Bues commended Google Cloud’s initiative, stating that their built-in threat detection of unauthorized cryptomining, combined with the financial protection offered through the Cryptomining Protection Program, provides reassurance to enterprise buyers considering cloud adoption.

By integrating specialized detection capabilities into Security Command Center Premium, Google Cloud provides customers with a comprehensive solution to detect and prevent cryptomining attacks.


Moreover, the financial protection offered through the program serves as an additional layer of support, reassuring customers that their cloud environments and budgets are safeguarded against the costly consequences of undetected cryptomining attacks.