Google Cloud storage may not be as secure as we'd all hope it is
Date:
Thu, 02 Mar 2023 16:04:20 +0000
Description:
Logs are every investigator's best friend but with GCP, they're not as good
as they could be, researchers claim.
FULL STORY ======================================================================
Google Cloud may have some concerning security flaws that could allow threat actors to exfiltrate data from the cloud storage platform without being spotted.
The findings come courtesy of cybersecurity researchers Mitiga, which found Google Cloud Platform (GCP)s logs, which are usually used to identify attacks and understand what threat actors have been able to achieve, are subpar, leaving much to be desired.
At their current state, they dont provide the level of visibility to allow
for any effective forensic investigation, the researchers said, concluding that the organizations using GCP are blind to potential data exfiltration attacks. Blind to attacks
However Google has not classified the findings as a vulnerability, so no
patch has been released - although it has published a list of mitigations users can deploy if they fear their current configuration brings risks.
Consequently, businesses cant effectively respond to incidents, and have no way to precisely determine what data was stolen in an attack.
Usually, an attacker will gain control over an Identity and Access Management (IAM) entity, grant it the required permissions, and use it to copy sensitive data. As GCP doesnt provide the necessary transparency regarding permissions granted, businesses will have a really hard time monitoring data access and potential data theft, the researchers concluded. Read more
Oracle Cloud admits users could access other customer data
Google Cloud apparently has a security issue even firewalls can't stop
These are the best endpoint protection services around
While Google does offer its customers the ability to turn on storage access logs, the feature is turned off by default. By turning it on, organizations could be better at detecting and responding to attacks, but the feature might cost extra to be used. Even if its turned on, the system is insufficient and creates forensic visibility gaps, the researchers added, saying that the system chooses to group a wide range of potential file access and read activities under a single type of event Object Get.
This is a problem because the same event is used for reading a file, downloading it, or even just reading the files metadata.
Responding to Mitigas findings, Google said it appreciates Mitigas feedback but doesnt consider it a vulnerability. Instead, the company provided mitigation recommendations, which include the use of VPC Service Controls, organization restriction headers, as well as restricted access to storage resources. Keep your devices secure with the best malware protection out there
======================================================================
Link to news story:
https://www.techradar.com/news/google-cloud-storage-may-not-be-as-secure-as-we d-all-hope-it-is
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)