
Google Cloud may have some worrisome security flaws that could allow threat actors to steal data from the cloud storage platform without being detected.
The findings, from researchers at cybersecurity firm Mitiga, show that Google Cloud Platform (GCP) logs, which are often used to identify attacks and understand what threat actors were able to achieve, are sub-par and leave a lot to be desired.
In their current state, the researchers said, the logs do not provide a level of visibility that would allow “any effective forensic investigation,” and they concluded that organizations using GCP are effectively blind to potential data breach attacks.
However, Google didn’t classify the findings as vulnerabilities, so no patches were issued — though it published a list of mitigations that users can deploy if they’re concerned that their current configuration is at risk.
As a result, organizations are unable to respond effectively to incidents, nor can they determine exactly what data was stolen in an attack.
Typically, an attacker will gain control over an identity and access management (IAM) entity, grant it the permissions it needs, and use it to copy sensitive data. Because GCP does not provide the necessary transparency about granted permissions, it will be difficult for enterprises to monitor data access and potential data theft, the researchers concluded.
While Google does offer its customers the ability to turn on storage access logs, the feature is turned off by default. By enabling it, organizations can better detect and respond to attacks, but there may be an additional cost to use the feature. Even when turned on, the system was “inadequate” and created “forensic visibility gaps,” the researchers added, because it attributes “a wide range of potential file access and read activity to a single event type,” the Object Get.
This is a problem because the same event is logged whether a file is read in place, downloaded, or merely has its metadata read.
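The following Python is an added illustration, not part of the original article or of Mitiga's own tooling, of how a defender can still get signal out of those logs once storage data-access logging is enabled and exported as JSON. It assumes the “Object Get” event appears under the method name storage.objects.get; the log entries below are constructed and simplified to the fields the analysis uses.

```python
import json
from collections import defaultdict


# Constructed, simplified Cloud Audit Log (Data Access) entries for Cloud Storage.
# Real entries carry many more fields; only the ones this analysis reads are kept.
def _entry(ts, who, method, resource):
    return json.dumps({"timestamp": ts, "protoPayload": {
        "methodName": method, "resourceName": resource,
        "authenticationInfo": {"principalEmail": who}}})


SAMPLE_LOG_LINES = [
    _entry("2023-03-01T10:00:01Z", "alice@example.com", "storage.objects.get", "projects/_/buckets/finance/objects/q1.csv"),
    _entry("2023-03-01T10:00:02Z", "alice@example.com", "storage.objects.get", "projects/_/buckets/finance/objects/q2.csv"),
    _entry("2023-03-01T10:00:02Z", "alice@example.com", "storage.objects.get", "projects/_/buckets/finance/objects/q2.csv"),
    _entry("2023-03-01T10:00:03Z", "alice@example.com", "storage.objects.get", "projects/_/buckets/finance/objects/q3.csv"),
    _entry("2023-03-01T10:05:00Z", "bob@example.com", "storage.objects.get", "projects/_/buckets/finance/objects/q1.csv"),
    _entry("2023-03-01T10:06:00Z", "carol@example.com", "storage.objects.list", "projects/_/buckets/finance"),
]


def parse_entry(line):
    """Pull the fields that matter out of one JSON log line."""
    e = json.loads(line)
    p = e["protoPayload"]
    return {"time": e["timestamp"], "principal": p["authenticationInfo"]["principalEmail"],
            "method": p["methodName"], "resource": p["resourceName"]}


def distinct_objects_read(lines):
    """Map principal -> number of distinct objects it touched via storage.objects.get.
    A download, an in-place read and a metadata-only read all log the same method
    name, so this count is an upper bound on what may have left the bucket."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_entry(line)
        if rec["method"] == "storage.objects.get":
            seen[rec["principal"]].add(rec["resource"])
    return {p: len(objs) for p, objs in seen.items()}


def flag_bulk_readers(lines, threshold):
    """Principals whose distinct-object read count meets the threshold."""
    return sorted(p for p, n in distinct_objects_read(lines).items() if n >= threshold)


if __name__ == "__main__":
    for p in flag_bulk_readers(SAMPLE_LOG_LINES, threshold=3):
        print(f"{p}: bulk object reads; possible exfiltration, but the log cannot "
              f"distinguish downloads from metadata reads")
```

The threshold is a tuning knob; the key point the log gap forces is that any principal flagged here must be treated as a possible exfiltration, since the event type alone cannot rule it out.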
In response to Mitiga’s findings, Google thanked Mitiga for its feedback but did not consider the issue a vulnerability. Instead, the company offers mitigation recommendations, including the use of VPC Service Controls, organization restriction headers, and restricted access to storage resources.