Cloud Hack Alert: Essential Measures to Implement Immediately

Confirmed Increase in Google Hacking Attacks - Take These Steps in Response to the Recent Google Cloud Security Alert

Cloud Security Alert: safeguard your digital assets with these essential measures against potential hacking threats

Google has issued a warning and advice for users of its Google Cloud Storage service regarding the potential threat of dangling buckets. In a post on August 8, senior software engineer Raman Bansal and information security engineer Maksim Shudrak highlighted the risks and outlined steps to mitigate the threat.

Dangling bucket attacks can allow hackers to serve malware and steal data. To prevent such threats, organizations are advised to follow best practices that combine secure default configurations, continuous monitoring, automated alerting and remediation, and strict access management.

First and foremost, organizations should avoid leaving buckets orphaned or forgotten. This can be achieved by implementing continuous monitoring and regular audits to detect publicly exposed or unused buckets. Starting from private access by default and explicitly adding permissions as needed is also recommended, as is the use of Signed URLs and Firebase Authentication rules for controlled, temporary access.

Organizations should also employ Data Security Posture Management (DSPM) tools, such as Sentra, to continuously inventory, classify sensitive data, monitor bucket exposure, and alert or automatically remediate risky public access or permissions changes. Monitoring for unusual access patterns or data movement that may indicate a breach or misconfiguration exploitation is also crucial.

Maintaining robust identity and access management and proactive vulnerability management is essential to prevent credential compromise and misconfigurations, common attack vectors leading to dangling bucket takeovers.

Google advises that if a dangling bucket name is found to pose a security risk, action should be taken quickly. For dangling buckets that an organization owns, Google suggests creating a new storage bucket with the same name in a secure project. Otherwise an attacker can claim the same bucket name in their own project, effectively hijacking the old address, so it's important to reclaim and secure any dangling buckets, creating a new one in a secure project if necessary.

Google also recommends finding and fixing any code that references dangling buckets in the environment. For buckets not owned by the user, data and remote references in code and docs should be found before deploying the fix to users.
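One way to carry out the reference hunt described above, as an added example (not Google's code or tooling): a Python scan that pulls bucket names out of `gs://` URIs and `storage.googleapis.com` URLs and reports those missing from an inventory of buckets you currently own. The file contents, bucket names and inventory are constructed samples; a name missing from the inventory may be a live third-party bucket, so hits are items to review.

```python
import re

# Bucket-name shape: lowercase letters, digits, '-', '_' and '.',
# starting and ending with a letter or digit.
BUCKET = r"[a-z0-9][a-z0-9._-]{1,220}[a-z0-9]"

# Common ways code and docs point at a Cloud Storage bucket.
PATTERNS = [
    re.compile(rf"gs://({BUCKET})"),                                  # gs:// URI
    re.compile(rf"https?://storage\.googleapis\.com/"
               rf"(?:(?:download/)?storage/v1/b/)?({BUCKET})"),       # path-style, JSON API
    re.compile(rf"https?://({BUCKET})\.storage\.googleapis\.com"),    # virtual-hosted
    re.compile(rf"https?://storage\.cloud\.google\.com/({BUCKET})"),  # browser URL
]

def find_bucket_references(files):
    """Return {bucket: [(path, line_no), ...]} for every reference found."""
    refs = {}
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            for pattern in PATTERNS:
                for match in pattern.finditer(line):
                    refs.setdefault(match.group(1), []).append((path, line_no))
    return refs

def dangling_references(files, owned_buckets):
    """References whose bucket name is absent from the current inventory."""
    return {bucket: locations
            for bucket, locations in find_bucket_references(files).items()
            if bucket not in owned_buckets}

# Constructed sample repository contents (path -> text), not real data.
SAMPLE_FILES = {
    "deploy/install.sh":
        "curl -fsSLO https://storage.googleapis.com/acme-old-assets/agent.tar.gz\n",
    "app/config.yaml":
        "backup_uri: gs://acme-prod-backups/daily\n"
        "logo: https://acme-old-assets.storage.googleapis.com/logo.png\n",
    "docs/README.md":
        "Download from https://storage.googleapis.com/acme-releases/v2/app.tar.gz\n",
}
# Constructed inventory; in practice, the bucket names listed per project
# (for example from `gcloud storage buckets list`).
OWNED = {"acme-prod-backups", "acme-releases"}

if __name__ == "__main__":
    for bucket, locations in dangling_references(SAMPLE_FILES, OWNED).items():
        for path, line_no in locations:
            print(f"{bucket}: {path}:{line_no}")
```

Running the same scan over documentation and infrastructure templates as well as source code catches references that would otherwise survive a bucket's deletion.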

To effectively close off dangling bucket takeovers, Google recommends incorporating these practices into the development lifecycle and operational procedures. A safe cloud bucket decommissioning plan that includes a full audit is also recommended before actually deleting a bucket.

By following these best practices, organizations can help protect their data from potential dangling bucket threats. For more information, Google encourages users to familiarize themselves with its pages of documentation on the matter.

  1. To bolster cybersecurity and safeguard data in Google Cloud Storage, it's crucial for organizations to adhere to best practices such as regular monitoring, secure default configurations, and robust identity and access management, which can help prevent threats like dangling bucket hacks.
  2. In data and cloud computing, employing tools like Data Security Posture Management (DSPM) and being vigilant for unusual access patterns or data movement can aid in detecting and mitigating risks associated with cloud bucket hijacking and takeover.
