Security News > 2023 > March > Experts Reveal Google Cloud Platform's Blind Spot for Data Exfiltration Attacks

Malicious actors can take advantage of "Insufficient" forensic visibility into Google Cloud Platform to exfiltrate sensitive data, a new research has found.
"Unfortunately, GCP does not provide the level of visibility in its storage logs that is needed to allow any effective forensic investigation, making organizations blind to potential data exfiltration attacks," cloud incident response firm Mitiga said in a report.
"The same event is used for a wide variety of types of access, including: Reading a file, downloading a file, copying a file to an external server, [and] reading the metadata of the file," Mitiga researcher Veronica Marinov said.
In a hypothetical attack, a threat actor can use Google's command line interface to transfer valuable data from the victim organization's storage buckets to an external storage bucket within the attacker organization.
Google has since provided mitigation recommendations, which range from Virtual Private Cloud Service Controls to using organization restriction headers to restrict cloud resource requests.
The disclosure comes as Sysdig unearthed a sophisticated attack campaign dubbed SCARLETEEL that's targeting containerized environments to perpetrate theft of proprietary data and software.
News URL
https://thehackernews.com/2023/03/experts-reveal-google-cloud-platforms.html
Related news
- SANS Institute Warns of Novel Cloud-Native Ransomware Attacks (source)
- Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos (source)
- Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security (source)
- Google to purchase Wiz for $32 billion in cloud security play (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse (source)
- Open-source malware doubles, data exfiltration attacks dominate (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)
- Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz (source)
- Phishers abuse Google OAuth to spoof Google in DKIM replay attack (source)