Google Cloud Platform allows data exfiltration without a (forensic) trace
Attackers can exfiltrate company data stored in Google Cloud Platform (GCP) storage buckets without leaving obvious forensic traces of the malicious activity in GCP’s storage access logs, Mitiga researchers have discovered. GCP data exfiltration attack (Source: Mitiga) Covert data exfiltration from GCP buckets In short, the main problem is that GCP’s basic storage logs – which are, by the way, not enabled by default – use the same description/event (objects.get) for different types of access, … More →