
Google Cloud releases latest Threat Horizons Report

Mandiant

Google Cloud has published its latest Threat Horizons Report, bringing decision-makers strategic intelligence on threats to cloud enterprise users.

Key takeaways from the report include:

  • Credentials factor into over half of incidents in Q1 2023
    • In Q1 2023 our Cloud incident response teams observed that credential issues continue to be a consistent challenge, accounting for over 60% of compromise factors; these could be addressed by stronger identity management guardrails at the organisation level.
    • Misconfiguration accounted for 19% of compromise factors and was frequently associated with other compromise factors, such as sensitive UIs or APIs being exposed.
    • An example of how these two factors are associated could include a misconfigured firewall that unintentionally provided public access to a UI.
    • Top risky actions that can lead to compromises: cross-project abuse of access token generation permission, replacement of existing compute disks/snapshots, service account key creation, and GCE project SSH keys.
  • Mobile Apps Evading Cloud Enterprise Detection through Versioning
    • Researchers have identified instances of Android applications downloading malicious updates after installation, attempting to evade Google Play Store's malware detections.
    • Campaigns using versioning commonly target users’ credentials, data, and finances.
    • In an enterprise environment, versioning demonstrates the need for defense in depth, including, but not limited to, limiting application installation sources to trusted sources such as Google Play and managing corporate devices via a mobile device management (MDM) solution.
  • Identifying Compromised Customer Domains and IPs on Google Cloud
    • Using 2022-23 VirusTotal (VT) and Mandiant data, Google discovered 19 customer domains and one IP hosted on Google Cloud, compromised in Q1 2023.
    • Each of the 19 uncovered websites had at least one malicious file downloaded from it, while the one IP had bi-directional communications with external malware using ports above the well-known port range (i.e. ports 1024-65535).
  • Telecommunications Industry Profile: Cloud Adoption Requires Zero Trust Approach to Address Threats Amid Growing Systemic Cyber Risk Concerns
    • As the telecommunications industry adopts cloud services, threats from nation states and cybercriminals will likely persist, along with pre-existing systemic cyber risk, and will require modern cybersecurity approaches such as Zero Trust (ZT) to address.
    • The most frequently targeted telecom subsectors observed by Mandiant over the last two years include wireless telecommunications, IT and telecom services, and data services.
    • Geopolitical activity is likely driving state actors to focus on targeting the telecom industry while financially motivated cybercriminals are evolving their tools and methods for doing so.
    • Digital security threats to telecom industry business continuity and use of legacy systems will likely persist, along with increased focus on cloud service providers, as the industry continues migrating critical IT operations and business support systems to the cloud.
    • Modern cybersecurity approaches such as ZT combined with cloud services can help the telecom industry create and secure new services, maintain resiliency of operations, and reduce risk of data breaches.
  • Threat Insights: Implications of Source Code Leaks
    • This article increases awareness of how compromises or leaks of source code can help cyber threat actors facilitate a variety of exploitation activities, including exposure and abuse of legitimate credentials and certificates, unauthorised reproduction and use of leaked software, the development or insertion of vulnerabilities, and supply chain compromise.
    • Common Causes of Source Code Leaks: While credential or authentication token compromise is often cited as the cause of source code incidents, there have been cases in which a compromise of a third-party service involved in hosting the code or in the continuous integration/continuous development (CI/CD) process led to compromises of the users of those services, as well as malicious insider incidents and misconfigurations.
    • Mitigation recommendations for code repositories and third-party resources reflect commonly cited IT security best practices, including adhering to the principle of least privilege, network segmentation, and log monitoring.
  • Leveraging third-party services while reducing risk
    • Bad actors looking to evade detection can exploit an organisation's trusted relationships with third-party services to gain access through supply chain attacks. These threats can be categorised as reputable third parties being compromised, or as bad actors intentionally creating malicious third-party services and luring users to adopt them.
    • Though each third-party service offers a different level of security to help protect its users and reduce risk, they are essentially black boxes for the organisations integrating with them. We highlight where malicious behaviour has been observed, where we assess threat actors may target, and measures organisations can take to mitigate these risks.
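As an added example (not code from the report or from Google Cloud), the following Python checker looks for the four "top risky actions" named under the first takeaway in Cloud Audit Log entries. The methodName strings and field paths are assumptions about the audit log layout to verify against real logs, and the sample entries are constructed.

```python
"""Flag the report's 'top risky actions' in Cloud Audit Log entries.
Added example, not code from the report or Google Cloud: methodName strings
and field paths are assumed log layouts to verify; SAMPLE_ENTRIES are constructed."""

RISKY_METHODS = {  # assumed methodName -> risky action named in the report
    "google.iam.admin.v1.CreateServiceAccountKey": "service account key creation",
    "GenerateAccessToken": "access token generation",
    "v1.compute.disks.delete": "replacement of existing compute disk",
    "v1.compute.snapshots.delete": "replacement of existing snapshot",
    "v1.compute.projects.setCommonInstanceMetadata": "project metadata change",
}
SA_SUFFIX = ".iam.gserviceaccount.com"

def sa_project(email):
    """Project id from a service-account email, or None for a human user."""
    return email.split("@")[-1][:-len(SA_SUFFIX)] if email.endswith(SA_SUFFIX) else None

def classify(entry):
    """Return a finding string for one entry, or None when it is not in scope."""
    payload = entry.get("protoPayload", {})
    method = payload.get("methodName", "")
    label = RISKY_METHODS.get(method)
    if label is None:
        return None
    if method == "v1.compute.projects.setCommonInstanceMetadata":
        # The report singles out project SSH keys, not every metadata edit.
        items = payload.get("request", {}).get("metadata", {}).get("items", [])
        return "GCE project SSH keys modified" if any(i.get("key") == "ssh-keys" for i in items) else None
    if method == "GenerateAccessToken":
        # Cross-project heuristic: the calling SA's project differs from the target SA's.
        caller = sa_project(payload.get("authenticationInfo", {}).get("principalEmail", ""))
        target = sa_project(payload.get("resourceName", "").rsplit("/", 1)[-1])
        return f"cross-project {label} ({caller} -> {target})" if caller and caller != target else None
    return label

def flag_risky_actions(entries):
    """Return (principalEmail, finding) pairs for every in-scope entry."""
    return [(e["protoPayload"]["authenticationInfo"]["principalEmail"], f)
            for e in entries for f in [classify(e)] if f]

SAMPLE_ENTRIES = [  # constructed, trimmed to the fields used above
    {"protoPayload": {"methodName": "GenerateAccessToken",
        "authenticationInfo": {"principalEmail": "ci@proj-a.iam.gserviceaccount.com"},
        "resourceName": "projects/-/serviceAccounts/admin@proj-b.iam.gserviceaccount.com"}},
    {"protoPayload": {"methodName": "v1.compute.projects.setCommonInstanceMetadata",
        "authenticationInfo": {"principalEmail": "alice@example.com"},
        "request": {"metadata": {"items": [{"key": "ssh-keys", "value": "constructed-key"}]}}}},
    {"protoPayload": {"methodName": "v1.compute.instances.list",
        "authenticationInfo": {"principalEmail": "alice@example.com"}}},
]
```

Running `flag_risky_actions(SAMPLE_ENTRIES)` returns two findings (the cross-project token generation and the project SSH key change) and ignores the benign list call.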

