Page 129 - Cyber Defense eMagazine September 2023

Although the solutions mentioned here are specific to Google Cloud, other public cloud providers offer services with similar functionality.

1. Prevent public exposure of your API credentials, encryption keys and secrets: Developers often unknowingly share API credentials, encryption keys and secrets in a codebase that resides on a code hosting platform such as GitHub or Google Cloud’s Artifact Registry. This might sound like a common practice, usually done for the sake of “quick accessibility”. In the long run, though, when the code is pushed into production with the credentials or keys in the code itself, it can pose a huge risk. If a hacker gets access to credentials that are publicly available in your codebase, they potentially hold the power to gain unauthorized access to your organization’s proprietary data and can cause irreversible damage. One way to prevent this is to use extremely granular IAM policies, not only for identities but also on the resource itself. For example, in Google Cloud, you can use Organization Policy Constraints to limit who can create service account keys.
2. Prevent user accounts compromise: Password spray and brute force attacks are the most common ways to steal identities and use that access for malicious purposes. As an enterprise, you can adopt a couple of solutions to prevent such threats. For example, you can use 2FA / U2F solutions and make them mandatory in your organization. You can also use a tool like “Password Alert”, which prevents passwords used by users in your organization from being re-used elsewhere on the internet. Consider also using tools such as Google’s Password Manager, which helps you manage passwords in one place and identify passwords that were exposed in a third-party data breach.
3. Monitor virtual machines for cryptojacking: Cryptojacking is a type of malware attack that uses a victim's virtual machine resources to mine cryptocurrency. This can have a significant impact, such as data breaches, an unwarranted massive cloud bill or other security incidents that can negatively affect your organization. Cloud-based cryptojacking is on the rise and occurs when an attacker gains access to a victim's cloud computing account and uses it to mine cryptocurrency. This type of attack is more scalable and anonymous, making it more difficult to detect and prevent. Google Cloud’s native built-in solutions in the Security Command Center, such as “Virtual Machine Threat Detection” and “Event Threat Detection”, can help identify such threats in the cloud. These are critical threats for the reasons above, so having that instant visibility can help organizations fix such issues as soon as they are identified.
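
To complement the preventive controls in item 1, a pre-commit or CI check can flag credential material before it reaches the code host. The sketch below is an added example, not code from the article or from Google; the rule set, file names and sample values are assumptions constructed for illustration.

```python
import re

# Illustrative rules (assumptions of this example, not an exhaustive set).
RULES = {
    # Marker field of a downloaded service account key file.
    "gcp_service_account_key": re.compile(r'"type"\s*:\s*"service_account"'),
    # PEM header of an embedded private key.
    "pem_private_key": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    # Google API keys: "AIza" followed by 35 URL-safe characters.
    "google_api_key": re.compile(r"(?<![\w-])AIza[\w-]{35}(?![\w-])"),
    # A secret-looking name assigned a quoted literal of 8+ characters.
    "hardcoded_secret": re.compile(
        r"(?:password|passwd|secret|api_key|token)\w*[\"']?\s*[:=]\s*"
        r"[\"'][^\"']{8,}[\"']",
        re.IGNORECASE,
    ),
}


def scan(files):
    """Return (path, line_number, rule) for each line that matches a rule.

    Matched text is deliberately not returned, so the report itself
    does not become another copy of the secret.
    """
    findings = []
    for path, text in files.items():
        for number, line in enumerate(text.splitlines(), start=1):
            for rule, pattern in RULES.items():
                if pattern.search(line):
                    findings.append((path, number, rule))
    return findings


# Constructed sample inputs; none of these values is a real credential.
FAKE_API_KEY = "AIza" + "0" * 35
SAMPLE_FILES = {
    "app/config.py": f'MAPS_KEY = "{FAKE_API_KEY}"\n'
                     'DB_PASSWORD = os.environ["DB_PASSWORD"]\n',
    "deploy/sa-key.json": '{\n  "type": "service_account",\n'
                          '  "private_key": "-----BEGIN PRIVATE KEY-----\\nCONSTRUCTED"\n}\n',
    "app/db.py": 'password = "constructed-value"\n',
}

if __name__ == "__main__":
    for path, number, rule in scan(SAMPLE_FILES):
        print(f"{path}:{number}: {rule}")
```

The line that reads the password from the environment is not flagged, which is the pattern the check is meant to push developers toward.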



















            Source: https://cloud.google.com/security-command-center







            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.