"Experts Reveal Google Cloud Platform's Blind Spot for Data Exfiltration Attacks"

New research demonstrates that malicious actors can use "insufficient" forensic visibility into Google Cloud Platform (GCP) to exfiltrate sensitive data. The cloud incident response company Mitiga stated that GCP lacks the visibility in its storage logs required for any effective forensic investigation, rendering organizations oblivious to possible data exfiltration attacks. The attack relies on the adversary gaining control of an Identity and Access Management (IAM) entity in the targeted organization using social engineering techniques in order to enter the GCP environment. The root of the issue is that GCP's storage access logs do not provide sufficient transparency with regard to potential file access and read events, grouping them together under the "Object Get" activity. This article continues to discuss how malicious actors can abuse insufficient forensic visibility into GCP to exfiltrate sensitive data. 

THN reports "Experts Reveal Google Cloud Platform's Blind Spot for Data Exfiltration Attacks"
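Because a single "Object Get" entry does not say whether an object was only viewed or fully read, an investigator has to treat every object a suspect identity touched as potentially read. The following is an added example, not code from Mitiga, THN or Google; it assumes Cloud Audit Logs field names and that the activity appears as the method name `storage.objects.get`, and all sample records are constructed.

```python
from collections import defaultdict

GET = "storage.objects.get"  # assumed audit-log method name for "Object Get"

def entry(principal, bucket, obj=None, method=GET):
    """Build a constructed record shaped like a Cloud Audit Logs entry."""
    resource = f"projects/_/buckets/{bucket}"
    if obj:
        resource += f"/objects/{obj}"
    return {"protoPayload": {
        "methodName": method,
        "authenticationInfo": {"principalEmail": principal},
        "resourceName": resource,
    }}

SVC = "svc-report@example.iam.gserviceaccount.com"  # made-up identity

# Constructed sample data; every principal, bucket and object is made up.
SAMPLE = [
    entry("alice@example.com", "hr-docs", "handbook.pdf"),
    entry(SVC, "hr-docs", "payroll-2023.csv"),
    entry(SVC, "hr-docs", "payroll-2022.csv"),
    entry(SVC, "hr-docs", "reviews.xlsx"),
    entry(SVC, "hr-docs", "reviews.xlsx"),          # repeat access, same object
    entry("alice@example.com", "hr-docs", method="storage.objects.list"),
]

def worst_case_scope(entries, min_objects=3):
    """Map each principal to the distinct objects named in its Object Get
    entries, keeping principals that touched at least min_objects objects.

    The log alone cannot separate a read from a lighter access, so the
    returned set is the upper bound on what may have left the bucket.
    """
    touched = defaultdict(set)
    for e in entries:
        payload = e.get("protoPayload", {})
        if payload.get("methodName") != GET:
            continue  # only the ambiguous Object Get activity is in scope
        who = payload.get("authenticationInfo", {}).get("principalEmail", "unknown")
        touched[who].add(payload.get("resourceName", ""))
    return {w: sorted(o) for w, o in touched.items() if len(o) >= min_objects}

if __name__ == "__main__":
    for who, objects in worst_case_scope(SAMPLE).items():
        print(who, "may have read", len(objects), "objects:", *objects, sep="\n  ")
```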


 
