Credentials Account For Over Half of Cloud Compromises
Over half (55%) of public cloud compromises investigated by Google in the first three months of the year were down to a missing or weak password, the tech giant has revealed.
The findings come from Google Cloud’s latest Threat Horizons report, which compiled the figures from the firm’s incident response engagements.
The report argued that “strong identity management guardrails” would help to mitigate these risks in public cloud environments.
The second most common compromise factor in the period was misconfiguration, which accounted for 19% of incidents. Google said misconfigurations could also be linked to other compromise factors such as exposure of sensitive UIs or APIs, which accounted for 12% of incidents.
“An example of how these two factors are associated could include a misconfigured firewall that unintentionally provided public access to a UI,” it explained.
The top risk action leading to compromise in Google Cloud environments was overwhelmingly cross-project abuse of access token generation permission (75%). This can be associated with the MITRE ATT&CK tactic of privilege escalation and the technique of “valid accounts: cloud accounts,” Google noted.
In second place came replacement of existing compute disks or snapshots, which accounted for 12% of alerts detected by Google. These alerts are triggered when a compute disk or snapshot is deleted and replaced by one with the same name – a common occurrence during cryptocurrency mining, the report explained.
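The alert condition described above (a disk or snapshot deleted and then replaced by one with the same name) can be sketched as a small correlation over resource events. This is an added example, not code from Google or the report; the event schema, the sample records and the 15-minute window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events in a simplified, hypothetical schema (not a real
# cloud audit-log format): time, project, resource kind, name, action, actor.
SAMPLE_EVENTS = [
    ("2023-03-01T10:00:00", "proj-a", "disk", "data-disk-1", "delete", "svc-build@example"),
    ("2023-03-01T10:02:30", "proj-a", "disk", "data-disk-1", "create", "svc-build@example"),
    ("2023-03-01T11:00:00", "proj-a", "snapshot", "nightly", "delete", "ops@example"),
    # Same name recreated a day later: outside the assumed window.
    ("2023-03-02T11:00:00", "proj-a", "snapshot", "nightly", "create", "ops@example"),
    # Same disk name in another project, with no prior delete there.
    ("2023-03-01T12:00:00", "proj-b", "disk", "data-disk-1", "create", "dev@example"),
    # Deleted and never recreated.
    ("2023-03-01T12:05:00", "proj-a", "disk", "scratch", "delete", "dev@example"),
]


def find_replacements(events, window=timedelta(minutes=15)):
    """Return delete-then-create pairs for the same (project, kind, name).

    `window` is an assumed tuning parameter; the report does not state one.
    """
    last_delete = {}  # (project, kind, name) -> (time, actor) of latest delete
    findings = []
    # ISO 8601 timestamps sort chronologically as strings.
    for ts, project, kind, name, action, actor in sorted(events):
        when = datetime.fromisoformat(ts)
        key = (project, kind, name)
        if action == "delete":
            last_delete[key] = (when, actor)
        elif action == "create" and key in last_delete:
            deleted_at, deleted_by = last_delete.pop(key)
            gap = when - deleted_at
            if gap <= window:
                findings.append({
                    "project": project, "kind": kind, "name": name,
                    "deleted_by": deleted_by, "created_by": actor,
                    "gap_seconds": int(gap.total_seconds()),
                })
    return findings


if __name__ == "__main__":
    for finding in find_replacements(SAMPLE_EVENTS):
        print(finding)
```

Keying on project as well as name keeps an unrelated disk with the same name in another project from matching, and the window keeps routine recreation long after a delete out of the results.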
The report also revealed how threat actors are trying to bypass Google Play Store malware detections to get their malicious apps listed on the official marketplace. An increasingly popular tactic is “versioning.”
“Versioning occurs when a developer releases an initial version of an app on the Google Play Store that appears legitimate and passes our checks, but later receives an update from a third-party server changing the code on the end user device that enables malicious activity,” the report explained.
Google recommended organizations take a defense-in-depth approach to mitigate the risk, including regular device updates, mobile device management and application allowlists.