Google Cloud Logs are a detective’s best friend. Google Cloud may have some worrying security issues. It allows threat actors to steal data without being detected by the cloud storage platform.
According to cybersecurity website experts, who discovered that Google Cloud Platform (GCP) logs are often used to identify assaults. They comprehend what threat actors have accomplished, is substandard, leaving much to be desired.
The security service website researchers concluded that businesses utilizing GCP are “blind” to possible data exfiltration threats. However, they do not give the amount of visibility required for “any successful forensic investigation” in their current condition.
Attacks go unnoticed
Nevertheless, Google Workspace‘s parent company did not classify the results as a vulnerability, no fix was given. Moreover, it did post a list of mitigations customers might take if they are concerned that their present setup poses dangers.
As a result, organizations are unable to properly respond to attacks. Additionally, they have no method of determining precisely what data was stolen in an attack.
The attackers will often obtain control of an Identity and Access Management (IAM) entity. It will grant them the necessary rights, and then they utilize it to copy sensitive data. The researchers found that the Google Cloud Platform does not give essential transparency regarding rights granted. Due to this, businesses will have a difficult time controlling data access and potential data theft.
While Workspace Google parent company allows users to enable storage access logs, the option is disabled by default. Organizations may be better able to identify and respond to threats if this functionality is enabled. However, it may incur more costs. Even when enabled, the system is insufficient and generates forensic visibility gaps. The researchers claim that the system groups a wide variety of potential file access and read actions under a single sort of event.
This is an issue because the same event is used to read a file or download it. Moreover, even merely read the information of the file.
In response to Mitiga, Google stated that it respects online security website input but does not consider it a vulnerability. Instead, the business recommended mitigating measures. Such as the usage of VPC Service Controls, organization restriction headers, and restricted access to storage resources.
