A new Google Cloud storage security issue has recently come to light. Worrying security holes in Google Cloud may make it possible for threat actors to covertly steal data from the cloud storage platform.
The issue was discovered by cybersecurity expert Mitiga, which found that the Google Cloud Platform (GCP) logs, which are often used to recognize attacks and understand what threat actors have been able to do, are substandard and leave much to be desired.
In their current state, they don’t provide enough visibility to allow for “any effective forensic investigation.” The researchers concluded that firms using GCP are “blind” to prospective data exfiltration attempts.
Google Cloud storage security blind to threats
No patch is available because Google hasn’t categorized the findings as a vulnerability, but it has issued a list of mitigations customers can apply if they think their present configuration poses a risk.
As a result, companies are unable to respond properly to breaches and have no means of knowing exactly what data was stolen during an attack.
Typically, an attacker takes control of an Identity and Access Management (IAM) entity, gives it the necessary rights, and then uses it to copy sensitive data. The researchers found that because GCP doesn’t offer the essential transparency regarding the rights given, businesses will find it extremely difficult to keep track of data access and potential data theft.
Although Google does allow users to enable storage access logs, the feature is disabled by default. Organizations may be better able to identify and respond to threats if it is enabled, although using the functionality can incur more costs. According to the researchers, the system classifies “a wide variety of potential file access and read activities under a single type of event — ‘Object Get’.” This makes the logging “insufficient” even when it is turned on and causes “forensic visibility gaps.”
It is problematic that reading a file and downloading it are recorded as the same event.
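Since a single event type covers both reading and downloading, one signal a defender can still extract once storage access logs are enabled is how many distinct objects each principal fetches in a short window. The following is an added example, not code from Mitiga or Google: the log lines are constructed, the field layout and the `storage.objects.get` method name follow Cloud Audit Logs Data Access entries, and the principal names, window and threshold are assumptions to tune per environment.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

GET_METHOD = "storage.objects.get"  # logged for a view and a download alike
SVC = "svc-backup@example-project.iam.gserviceaccount.com"  # constructed name

def _entry(ts, who, bucket, obj, method=GET_METHOD):
    """Build one constructed log line in the Cloud Audit Logs JSON layout."""
    return json.dumps({
        "timestamp": ts,
        "protoPayload": {
            "serviceName": "storage.googleapis.com",
            "methodName": method,
            "authenticationInfo": {"principalEmail": who},
            "resourceName": f"projects/_/buckets/{bucket}/objects/{obj}",
        },
    })

# Constructed sample: an analyst opening two files half an hour apart, and a
# service account fetching 40 distinct objects at two-second intervals.
SAMPLE_LINES = [
    _entry("2023-03-01T09:00:00Z", "analyst@example.com", "reports", "q1.csv"),
    _entry("2023-03-01T09:30:00Z", "analyst@example.com", "reports", "q2.csv"),
    _entry("2023-03-01T10:00:00Z", SVC, "hr-records", "", "storage.objects.list"),
] + [
    _entry(f"2023-03-01T10:0{i // 30}:{i % 30 * 2:02d}Z", SVC, "hr-records", f"emp-{i}.pdf")
    for i in range(40)
]

def bulk_readers(lines, window=timedelta(minutes=5), threshold=25):
    """Map each principal to its peak count of distinct objects fetched inside
    any one window, keeping only principals at or above the threshold."""
    events = defaultdict(list)
    for line in lines:
        rec = json.loads(line)
        payload = rec.get("protoPayload", {})
        if payload.get("methodName") != GET_METHOD:
            continue
        # Sample timestamps use whole seconds; real entries carry fractions.
        ts = datetime.fromisoformat(rec["timestamp"].replace("Z", "+00:00"))
        who = payload["authenticationInfo"]["principalEmail"]
        events[who].append((ts, payload["resourceName"]))
    flagged = {}
    for who, evs in events.items():
        evs.sort()
        start = peak = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window's left edge forward
            peak = max(peak, len({name for _, name in evs[start:end + 1]}))
        if peak >= threshold:
            flagged[who] = peak
    return flagged
```

A flagged principal shows breadth of access only; the log alone still cannot say whether the objects left the environment.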