Threat actors can steal data from Google Cloud Platform (GCP) storage while leaving almost no forensic trace of what they actually did. It is true, and the reason lies in how GCP logs storage access.
Mitiga researchers recently discovered that attackers can exfiltrate data from GCP storage buckets without leaving a useful trail, because the Data Access audit logs that record reads of bucket contents are not enabled by default.
Even where those logs are enabled, a criminal can read data while the activity effectively goes unrecorded, because Cloud Storage writes the same log event (storage.objects.get) for every kind of object read: opening a file, downloading it, copying it to an external resource such as a server or a bucket in another account, and reading the file's metadata all look identical in the log.
Veronica Marinov, a researcher at Mitiga, described the problem as a failure of the logging to differentiate activity: many "read" events can in fact be downloads or copies of data to external buckets, so a data breach can hide among ordinary reads.
The GCP security team has taken note of the finding and classified it as a security deficiency rather than a vulnerability, taking the position that it can be dealt with through existing administrative controls.
When the findings were published on March 1st of this year, the web search giant stated that no exfiltration had been detected in its audit, and that there are ways to mitigate and detect the insufficient audit logging in GCP by improving log forensics, starting with turning on the Data Access audit logs for Cloud Storage and then hunting for unusual read patterns rather than for a "download" event that does not exist.
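The following triage script is an added example, not code from Mitiga or Google. It shows what "improving log forensics" means in practice once Data Access audit logs are enabled: because a storage.objects.get entry cannot say whether an object was inspected, downloaded or copied away, the analysis has to lean on who read, from where, and how much. The field names (protoPayload.methodName, authenticationInfo.principalEmail, resourceName, requestMetadata.callerIp) are the real GCP audit-log fields; the log entries, principals, bucket name and thresholds are constructed for the example.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Set

# Constructed audit-log entries in the shape of GCP Cloud Audit Logs. The field
# names are the real ones; every value (principals, bucket, IPs) is made up.
def _entry(method: str, who: str, obj: str, ip: str) -> dict:
    return {"protoPayload": {
        "methodName": method,
        "authenticationInfo": {"principalEmail": who},
        "resourceName": f"projects/_/buckets/finance-bkt/objects/{obj}",
        "requestMetadata": {"callerIp": ip},
    }}

SAMPLE_ENTRIES: List[dict] = [
    _entry("storage.objects.get", "alice@example.com", "q1.xlsx", "10.0.0.5"),
    _entry("storage.objects.update", "alice@example.com", "q1.xlsx", "10.0.0.5"),
    _entry("storage.objects.get", "bob@example.com", "q1.xlsx", "10.0.0.7"),
    _entry("storage.objects.get", "bob@example.com", "q2.xlsx", "10.0.0.7"),
    _entry("storage.objects.get", "bob@example.com", "q3.xlsx", "10.0.0.7"),
    _entry("storage.objects.get", "mallory@attacker.test", "q1.xlsx", "203.0.113.9"),
]

# One method name covers metadata read, download and copy-out alike.
READ_METHOD = "storage.objects.get"


def is_undifferentiated_read(entry: dict) -> bool:
    """True for a storage.objects.get event: the entry alone cannot tell
    whether the object was merely inspected, downloaded or copied elsewhere."""
    return entry["protoPayload"]["methodName"] == READ_METHOD


def summarize_reads(entries: Iterable[dict]) -> Dict[str, dict]:
    """Per principal: number of object reads, distinct objects read, caller IPs."""
    summary: Dict[str, dict] = defaultdict(
        lambda: {"count": 0, "objects": set(), "ips": set()})
    for e in entries:
        if not is_undifferentiated_read(e):
            continue  # updates, deletes etc. are distinguishable and not the issue here
        p = e["protoPayload"]
        who = p["authenticationInfo"]["principalEmail"]
        summary[who]["count"] += 1
        summary[who]["objects"].add(p["resourceName"])
        summary[who]["ips"].add(p["requestMetadata"]["callerIp"])
    return dict(summary)


def flag_principals(entries: Iterable[dict], trusted_domains: Set[str],
                    max_objects: int) -> Dict[str, List[str]]:
    """Return {principal: [reasons]} for object reads that merit follow-up.
    Since the event type cannot separate a download from a metadata read, the
    heuristics are identity outside the trusted domains (assumed list) and
    bulk reading of more distinct objects than max_objects (assumed threshold)."""
    flagged: Dict[str, List[str]] = {}
    for who, s in summarize_reads(entries).items():
        reasons: List[str] = []
        domain = who.rsplit("@", 1)[-1]
        if domain not in trusted_domains:
            reasons.append(f"principal outside trusted domains ({domain})")
        if len(s["objects"]) > max_objects:
            reasons.append(f"read {len(s['objects'])} distinct objects (> {max_objects})")
        if reasons:
            flagged[who] = reasons
    return flagged


if __name__ == "__main__":
    for who, reasons in flag_principals(SAMPLE_ENTRIES, {"example.com"}, max_objects=2).items():
        print(who, "->", "; ".join(reasons))
```

The script flags the external identity and the internal account that read more distinct objects than the threshold, while an ordinary single read is left alone. None of this is possible if the Data Access logs are off, which is the default, so enabling them is the first step; the second is accepting that a flagged read can only be confirmed as a download or copy by correlating it with other evidence (egress, the destination account, the caller IP), not by the storage log itself.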
NOTE- In AWS, object-level access to S3 is recorded through CloudTrail data events rather than CloudWatch, and these also have to be switched on; once enabled, however, the events carry distinct API names (for example GetObject, CopyObject and HeadObject), so a download can be told apart from a metadata read. AWS IAM likewise allows permissions to be granted to users and groups based on their assigned roles.