Google Cloud Issues First-Ever Cloud Threat Intelligence “Threat Horizons” Report

January 3rd, 2022

A lot is being written these days about cloud security. Just last week, we posted a blog about how the cloud can simplify ransomware recovery. While we are confident that the cloud plays a crucial role in recovering your data, there are still plenty of cloud cybersecurity threats that IT pros need to consider. The Kaseya ransomware attack is the perfect example. The attack started by exploiting a vulnerability in Kaseya VSA, the company’s cloud-based remote monitoring and management tool. It resulted in nearly 60 MSPs being compromised, with data encrypted and ransoms demanded from up to 1,500 of their end-user customers. To help your organization ensure your cloud environment is best protected against ever-evolving threats, Google’s Cybersecurity Action Team just issued its first-ever “Threat Horizons” cloud threat intelligence report. Based on observations from the Threat Analysis Group (TAG) and other internal teams, the report offers actionable intelligence, drawn from trusted threat intelligence sources, that helps you configure your environment and defenses to meet your specific needs.

Cybersecurity Threats Loom Across Applications and Infrastructure

The report notes that the Google team has most recently responded to cryptocurrency mining abuse, phishing campaigns, and ransomware. It also says that organizations that emphasize secure implementation, monitoring, and ongoing assurance will be more successful in mitigating these threats or reducing their impact. Even then, the threats will continue, with TAG observing recent attacks that targeted Gmail accounts and impersonated employment recruiters to steal user credentials. There are two items that the report mentions in passing that we think are worth putting a spotlight on. First, attackers continue to exploit poorly configured cloud instances: in nearly 75 percent of all cases, malicious actors gained access to Google Cloud instances by taking advantage of poor customer security practices or vulnerable third-party software. Second, and even worse, almost half of all compromised instances were attributed to actors gaining access to an internet-facing cloud instance that had either no password or a weak password for user accounts or API connectors, leaving those instances vulnerable to scanning or brute-force attacks. More than a quarter of compromised instances were attributed to owner-installed third-party software.

Build Stronger Cloud Defenses

The report includes a host of recommendations with valuable links. But it also makes it clear that there is no substitute for putting cybersecurity best practices in place. While many of these action steps are relatively simple, each serves a critical purpose in protecting your cloud data and applications. The list also includes several Google Cloud tools built to help you keep your cloud data secure. That’s why we are sharing it here.

Prevent Google Cloud Instance Exploits

  • Follow password best practices and best practices for configuring cloud environments
  • Update third-party software before exposing a cloud instance to the web
  • Avoid publishing credentials in GitHub projects
  • Use Container Analysis to perform vulnerability scanning and metadata storage
  • Leverage Web Security Scanner to identify security vulnerabilities in App Engine, Google Kubernetes Engine, and Compute Engine
  • Use service accounts with Compute Engine to authenticate apps instead of using user credentials
  • Implement Policy Intelligence tools to manage policies, and use predefined configurations using Assured Workloads to reduce misconfigurations
  • Set conditional alerts that notify you if there is high resource consumption
  • Enforce and monitor user password requirements

Fight Spear Phishing

  • Engage in email best practices
  • Establish 2-step verification
  • Deploy Context-Aware Access for granular access control policies to apps based on attributes such as user identity, location, device security status, and IP address

Keep Software Up-to-Date and Secure

  • Establish a robust chain of custody by hashing and verifying downloads
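One way to put the hashing-and-verification step into practice, as an added example that is not from the report or this post: a small Python checker that parses a vendor’s SHA256SUMS-style file, streams the download’s digest, and fails on either a missing entry or a mismatch (the file names and contents below are constructed). Fetch the checksum file over a separate, authenticated channel from the download itself, or the check proves nothing.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large downloads need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksums(text):
    """Parse GNU coreutils 'SHA256SUMS' lines: '<hex>  <filename>'."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        name = name.lstrip("*")  # coreutils marks binary mode with a leading '*'
        if len(digest) == 64 and name:
            expected[name] = digest.lower()
    return expected


def verify_download(path, checksums_text):
    """Return (ok, reason). A missing entry or a mismatch is a failure."""
    name = os.path.basename(path)
    expected = parse_checksums(checksums_text).get(name)
    if expected is None:
        return False, f"no checksum published for {name}"
    actual = sha256_file(path)
    if not hmac.compare_digest(actual, expected):
        return False, f"sha256 mismatch for {name}: got {actual}, expected {expected}"
    return True, "verified"


def demo():
    """Constructed scenario: the publisher hashes the file, the downloader verifies it."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "agent-1.2.3.tar.gz")
        with open(good, "wb") as f:
            f.write(b"constructed installer payload\n")
        sums = f"{sha256_file(good)}  agent-1.2.3.tar.gz\n"  # what the vendor would publish
        ok_good, _ = verify_download(good, sums)
        bad = os.path.join(d, "tampered", "agent-1.2.3.tar.gz")  # same name, altered bytes
        os.makedirs(os.path.dirname(bad))
        with open(bad, "wb") as f:
            f.write(b"constructed installer payload with extra bytes\n")
        ok_bad, reason = verify_download(bad, sums)
        return ok_good, ok_bad, reason


if __name__ == "__main__":
    print(demo())
```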

Make Sure Recovery is Possible Everywhere With Immutability

While Google Cloud makes a clear case for prevention, sometimes even the best mitigation efforts aren’t enough. That’s why it’s essential to have a last line of defense like Arcserve Universal Data Protection (UDP). Arcserve UDP combines cutting-edge cybersecurity that uses a deep learning neural network to detect both known and unknown malware without relying on signatures. Most importantly, Arcserve UDP employs immutable backups. Immutability means your data is stored in a write-once, read-many (WORM) format that can’t be altered or deleted. Combined with backup and recovery best practices, like the new 3-2-1-1 backup rule, you can bring next-level security to your data in the cloud—and everywhere else. And you can always be confident that you can recover your data.

Try UDP for Free

A free 30-day trial is a great way to personally see the simplicity and powerful protections that Arcserve UDP delivers for your cloud, virtual, physical, hyperconverged, and SaaS-based workloads. Want to learn more? Contact us today.