Now Google Warns Of Cloud Hack Attacks — 4 Steps You Must Take

You have been warned — act now to prevent these Google Cloud attacks.

SOPA Images/LightRocket via Getty Images

It has been one heck of a week for Google users everywhere: multiple Chrome browser security vulnerabilities have been identified, security warnings sent by email regarding user account security issues, and, most importantly, a confirmation from the company that Google itself has been hacked and user information compromised. Now, Google has confirmed more hack attacks, this time impacting users of Google Cloud. Here’s what you need to know and what you need to do to mitigate the dangling bucket attacks that threaten your data.

ForbesEmergency Microsoft Security Warning Confirmed — Act Now, CISA SaysBy Davey Winder

Google Warns Of Dangling Bucket Cloud Hack Attacks

An August 8 Google Cloud advisory posting warned that hackers can effectively hijack a deleted storage bucket to “potentially serve malware and steal data from users who unknowingly still rely on a bucket that is no longer officially in use.” Raman Bansal, a senior software engineer, and Maksim Shudrak, an information security engineer, both working at Google, published the warning and mitigation advice for all Google Cloud users in response to what are being called dangling bucket hack attacks.

The dangling bucket attack, the Google engineers explained, is made possible when a user deletes a storage bucket but, for whatever reason, references to it remain in everything from application code and apps to public documentation. “An attacker can then simply claim the same bucket name in their own project,” Google said, “effectively hijacking your old address.”

Google has pages of documentation that anyone using a Google Cloud bucket really should familiarize themselves with, but the advisory blog posting listed a number of steps that Google recommends be taken as soon as possible in order to mitigate against the specific dangling bucket threat.

ForbesCamera Hacking — America’s Cyber Defense Agency Issues WarningBy Davey Winder

Mitigating The Google Cloud Dangling Bucket Threat

The three steps that Google advised be taken are as follows:

1. Employ a safe cloud bucket decommissioning plan before typing
   ‘gcloud storage rm’ that incorporates a full audit to check for who and what is still accessing the bucket, and then wait at least a week before actually deleting the bucket.
2. Find and fix any code that references dangling buckets in your environment. This requires a process of proactive discovery involving the analysis of logs and scanning of your codebase and documentation.
3. And finally, reclaim and secure any such dangling buckets. “If you find a dangling bucket name that might represent security risk to you or your clients,” Google said, “act fast.” For buckets you do not own, follow the previous steps to find available data and remote references in your code and docs before deploying the fix to your users. For your own dangling buckets, Google recommended creating “a new storage bucket with the exact same name in a secure project you control,” in order to prevent an attacker from claiming it.

“By building these practices into your development lifecycle and operational procedures,” Google concluded, “you can effectively close the door on dangling bucket takeovers.”

ForbesVPN Attack Warning Confirmed — What You Need To Do NowBy Davey Winder