Google Fixes Critical Flaw in Google Cloud Platform SQL Permissions
Google has patched a vulnerability, identified by researchers, that allowed data access and privilege escalation in its Google Cloud Platform (GCP) database service. The issue is believed to have potentially provided access to additional cloud environments, including those of customers. The researchers claimed to have siphoned a considerable amount of potentially sensitive data from the host operating system (OS) after obtaining the admin role in GCP SQL. They ultimately gained full control of the SQL server through a misconfiguration gap in its roles-permissions architecture. Google resolved the issue in April after being alerted in February, and the researchers were rewarded through Google’s bug bounty program.
Understanding the Exploitation Methodology
While GCP offers several database engines, the researchers pinpointed a SQL Server vulnerability in the GCP default login. The “CustomerDbRootRole” role requires elevation to acquire GCP admin roles and extend permissions to file access, potentially damaging customer data. The researchers exploited a gap in the security layer around GCP’s CloudSQL service by elevating default permissions and abusing a misconfigured roles-permissions architecture to escalate privileges and gain full access to the OS hosting the database. With full control of the SQL server, they were able to extract sensitive files, passwords and secrets.
Mitigating Security Risks
Cybersecurity risks in cloud databases remain a common problem, driven by mistakes that lead to unintended security exposures, including a lack of encryption, misconfigured systems and shared access keys. In the current case, where a vulnerability was identified in February and fixed two months later, the researchers suggest organizations apply their own cloud data security controls to secure their data. A combined Data Security Posture Management (DSPM) and Data Detection and Response (DDR) system can lessen the chance of data extraction. DSPM identifies sensitive data and ensures it is encrypted before any potential breach, while DDR detects and responds to data exfiltration and misuse in real time, protecting the organization’s data during a breach.
Conclusion
The identification of a SQL vulnerability in GCP poses challenges for cloud computing providers. Unintentional exposures, including those found in GCP, underline the importance of data security platforms operating alongside cloud providers’ own security measures. Customers who apply their own security controls, such as DSPM and DDR, may lower their risk of a breach: DSPM identifies confidential data to encrypt, while DDR detects and responds to exfiltration, protecting sensitive data.