Page 129 - Cyber Defense eMagazine September 2023
Although the solutions mentioned here are unique to Google Cloud, other public cloud providers offer
services with similar functionality.
1. Prevent public exposure of your API credentials, encryption keys and secrets: Developers often
unknowingly share API credentials, encryption keys and secrets in a codebase that resides on
a code hosting platform such as GitHub or Google Cloud’s Artifact Registry. This might sound like
a common practice, usually done for the sake of “quick accessibility”. In the long run, though, when
the code gets pushed into production with the credentials/keys in the code itself, it might pose a
huge risk. If a hacker gets access to credentials that are publicly available in your codebase,
they potentially hold the power to gain unauthorized access to your organization’s proprietary data
and can cause irreversible damage. One mechanism to prevent this is to use extremely
granular IAM policies, not only for identities but also on the resource itself. For example, in Google
Cloud, you can use Organization Policy Constraints to limit who can create service account keys.
2. Prevent user account compromise: Password spray and brute force attacks are the most
common ways to steal identities and use that access for malicious purposes. As an enterprise, you
can adopt a couple of solutions to prevent such threats. For example, you can use 2FA / U2F
solutions and mandate them across your organization. You can also use a tool like
“Password Alert” that prevents passwords used by users in your organization from being
reused elsewhere on the internet. Consider also using tools such as Google’s
Password Manager, which helps you manage passwords in one place and identify
passwords that were exposed in a third-party data breach.
3. Monitor virtual machines for cryptojacking: Cryptojacking is a type of malware attack that uses a
victim's virtual machine resources to mine cryptocurrency. This can have a significant impact such
as data breaches, an unwarranted massive cloud bill or other security incidents that can
negatively affect your organization. Cloud-based cryptojacking is on the rise and occurs when an
attacker gains access to a victim's cloud computing account and uses it to mine cryptocurrency.
This type of attack is more scalable and anonymous, making it more difficult to detect and prevent.
Google Cloud’s built-in solutions in the Security Command Center, such as “Virtual
Machine Threat Detection” and “Event Threat Detection”, can help identify such threats in the
cloud. These are critical threats for the reasons above, so having instant
visibility can help organizations fix such issues as soon as they are identified.
Source: https://cloud.google.com/security-command-center
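An added example for item 1 (not from the original article): a small scanner, suitable for a pre-commit hook or CI step, that flags Google service account key files, Google API keys and PEM private keys in a checkout before they reach a code hosting platform. The function names, patterns and sample inputs are assumptions constructed for illustration.

```python
import json
import re
from pathlib import Path

# Google API keys: fixed "AIza" prefix plus 35 URL-safe characters.
API_KEY_RE = re.compile(r"AIza[0-9A-Za-z_\-]{35}")
PEM_RE = re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----")


def scan_text(name, text):
    """Return (file, line, kind) findings for one file's contents."""
    try:
        doc = json.loads(text)
    except ValueError:
        doc = None
    # A downloaded service account key is a JSON object with these fields.
    if (isinstance(doc, dict) and doc.get("type") == "service_account"
            and "private_key" in doc):
        return [(name, 1, "service-account-key-file")]
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if API_KEY_RE.search(line):
            findings.append((name, lineno, "google-api-key"))
        if PEM_RE.search(line):
            findings.append((name, lineno, "pem-private-key"))
    return findings


def scan_tree(root):
    """Scan every file under root, skipping the .git directory."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and ".git" not in path.parts:
            text = path.read_text(encoding="utf-8", errors="ignore")
            findings.extend(scan_text(str(path.relative_to(root)), text))
    return findings


# Constructed sample inputs (not real credentials).
SAMPLE_KEY_FILE = json.dumps({
    "type": "service_account",
    "client_email": "ci@example-project.iam.gserviceaccount.com",
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n",
})
SAMPLE_SOURCE = 'import os\nMAPS_KEY = "AIza' + "x" * 35 + '"\nDB = os.environ["DB"]\n'

if __name__ == "__main__":
    for finding in scan_text("key.json", SAMPLE_KEY_FILE) + scan_text("settings.py", SAMPLE_SOURCE):
        print("%s:%d: %s" % finding)
```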
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.