Beyond the Perimeter: Uncovering the Hidden Threat of Data Exfiltration in Google Cloud Platform

Presented at BSidesLV 2023, Aug. 9, 2023, 3 p.m. (Unknown duration).

Google Cloud Platform (GCP) is a cloud computing platform that has gained immense popularity due to its scalability, flexibility, and advanced features for data analytics, machine learning, and application development. GCP audit logs provide valuable information for detecting and investigating security incidents. By analyzing audit logs, security professionals can identify suspicious activities and detect potential breaches, allowing for timely and effective incident response. In this talk, we will discuss the numerous ways attackers can steal data from GCP resources with minimal chance of detection. The talk explores five different methods an attacker can use to exfiltrate data in the popular services Google Cloud Storage, Cloud SQL and BigQuery. For each method we will show a short demo and describe the generated log events and what to look for to detect malicious behavior. Overall, the lecture highlights the importance of proactive security measures and recommends best practices such as preparing for security incidents by enabling audit logs of data activity and implementing access controls to prevent unauthorized data exfiltration. By following these best practices and leveraging the insights gained from audit logs, participants can better protect their GCP resources and respond quickly to potential security incidents.

Presenters:

  • Or Aspir
    A cyber security pro with 10+ years of experience, leading Mitiga's research team. My cyber security experience started when I served in the IDF Intelligence Corps. I derive pleasure from discovering vulnerabilities or loopholes in software systems. I'm also a former salsa instructor and like trolling my friends and colleagues in my free time.
