Attackers targeting cloud environments are increasingly focused on exploiting stolen cloud identities. The compromise of human or non-human identities can lead to elevated risks such as misuse of cloud resources and exfiltration of sensitive data. The sheer volume of identities in most organisations compounds these dangers: as identities multiply, so does the attack surface they present.
Organisations should prioritise actions that improve identity protection, as outlined in the most recent Google Cloud Threat Horizons Report.
Google Cloud is outlining key risk mitigation strategies from its security specialists that you can implement right away. Every organisation should assess these mitigations as part of its efforts to safeguard its cloud deployments.
Google Cloud’s built-in protections
Always-on account protection features offered by Google Cloud reduce the risk of credential theft. Many of these defences rely on heuristics that identify probable credential theft and terminate the attacker’s session. Others limit the usable lifetime of cookies that may have been stolen to minutes rather than hours.
Before permitting many critical operations in the Cloud Console, Google Cloud requires users to reauthenticate in order to verify that their credentials are genuine. This reauthentication can be triggered either deterministically or by a risk score.
Newly created organisations are automatically protected against the common threats of resource sharing and service credential theft by Google Cloud’s default Organisation Policies.
As attacker techniques evolve, additional layers of defence should be in place, such as multi-factor authentication (MFA), session protection, service credential protection, identity and access restrictions, and security monitoring.
Google Cloud customers are urged to take the following precautions to help strengthen their defences against credential theft:
Multi-factor authentication (MFA)
Google Cloud announced its intention to require MFA for all Google Cloud users this year as part of its shared fate strategy to help customers. Prior to mandatory enforcement, you can take the following actions if you have not activated MFA yet:
- Enable MFA on your primary Identity Provider (IdP). Follow these guidelines if you are a Google Cloud user and Google Cloud Identity is your primary IdP.
- Add an MFA method to Google Cloud Identity accounts for re-authentication. If Google Cloud Identity is not your primary IdP, this provides an extra layer of authentication before critical operations are permitted. Observe these guidelines.
- Configure your IdP to always challenge (preferably with MFA) when users access Google. When users use Cloud Identity with their own IdP via SAML or OIDC, Cloud Identity asks the IdP for an assertion whenever a session ends or Google Cloud requires re-authentication. In the default configuration, IdPs silently approve each of these assertions to reduce user friction. Even so, most IdPs can be configured to always require MFA and re-entry of credentials every time Google Cloud requests an assertion. For a smoother user and administrative experience, this setting can be applied only to the app that represents Google Cloud and not to the other applications the IdP federates.
Protecting sessions
Four controls that can improve session security:
- Reducing session duration makes stolen cookies less useful. The user-configurable session duration defaults to 16 hours.
- Using Context-Aware Access (CAA) to restrict the IPs that may access the Cloud Console and APIs can render stolen credentials useless (unless the attacker has access to allowlisted IPs, such as the corporate network or VPN IPs).
- Certificate-based access can require mTLS certificates in order to access the Cloud Console and Google Cloud APIs. By requiring users to present an mTLS certificate in addition to their existing credentials, such as cookies, mTLS offers robust protection against cookie theft. Since mTLS certificates are usually stored in the user’s device’s Trusted Platform Module (TPM), they are very difficult for an attacker to steal. Many businesses already issue mTLS certificates to their users, and Google Cloud lets customers either use new mTLS certificates specifically for Google Cloud or reuse their existing ones.
- Google Cloud organisation administrators can establish fine-grained, attribute-based access control for projects and resources by configuring contextual-access restrictions using Access Context Manager. Access levels can be set up to demand additional device and user attributes before a resource request is approved. For instance, you can mandate that resources be accessed and configured only from a corporate-managed account.
Protecting service credentials
Organisations should also provide layered security for non-human identities. Google Cloud provides comprehensive best practices for the management, use, and protection of service account keys and API keys. Three key controls to consider:
- Disable service account key creation: This Organisation Policy option stops users from creating permanent service account keys. Choose the appropriate authentication solution for your use case rather than permitting unrestricted use of service account keys. Only where more secure alternatives are not feasible should you permit exceptions for service account keys.
- Automatically disable compromised service account keys: Google Cloud regularly searches public repositories, such as GitLab and GitHub, for exposed service account keys. If it finds an exposed key, Google Cloud automatically disables it. It also generates an event in the Cloud Audit Logs and notifies project owners and security contacts of the exposed key. Google Cloud advises against changing the DISABLE_KEY setting, which is enabled by default.
- Binding service account keys to trusted networks: Context-aware service account access lets you restrict service accounts’ access to Google Cloud services and APIs to trusted networks, binding them to a range of IP addresses or VPC networks. Customers can use the request form to ask for early access to this control.
Identity and access controls
By using these controls to restrict access and privileges to only those that users require to carry out their job duties, you can lessen the impact of a credential compromise.
- Google Cloud Identity and Access Management (IAM) lets you grant granular access to specific Google Cloud resources and helps block access to others. Permissions are grouped into roles, and roles are assigned to authorised principals. You should use tools such as IAM Recommender to assess and right-size permissions on a regular basis. The Google Cloud Architecture Framework offers further best practices for identity and access management.
- VPC Service Controls enable a strong, context-aware method of managing access to your cloud resources. Granular access control policies can be defined based on attributes such as IP address and user identity. These policies ensure that certain security measures are in place before access to cloud resources from untrusted networks is allowed. By limiting access to authorised networks only, VPC Service Controls help guard against the risk of data exfiltration by clients using stolen OAuth or service account credentials.
- Principal access boundaries precisely define the resources that a principal can access. Regardless of the roles they have been granted, a principal’s access to a resource is restricted if a boundary policy does not allow it.
- Domain-restricted sharing limits role grants to identities that belong to a specific domain or organisation. When domain-restricted sharing is in effect, only principals from permitted domains or organisations are eligible to be assigned IAM roles in your Google Cloud organisation.
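An offline posture check for three of the Organisation Policy controls discussed above (disabling service account key creation, the exposed-key response, and domain-restricted sharing). This is an added example, not Google Cloud tooling: the constraint names are real org-policy constraints, but the policy documents are constructed sample data in the Org Policy v2 shape, and the organisation and customer ids are placeholders.

```python
# Real org-policy constraint names; the policy documents below are constructed
# sample data in the Org Policy v2 shape, not output from a live organisation.
KEY_CREATION = "iam.disableServiceAccountKeyCreation"
KEY_EXPOSURE = "iam.serviceAccountKeyExposureResponse"
DOMAIN_SHARING = "iam.allowedPolicyMemberDomains"
ORG = "organizations/000000000000"  # placeholder organisation id

def _policy(constraint, rules):
    return {"name": f"{ORG}/policies/{constraint}", "spec": {"rules": rules}}

# Weak posture: key creation blocked, exposure response weakened, no domain restriction.
WEAK_POLICIES = [
    _policy(KEY_CREATION, [{"enforce": True}]),
    _policy(KEY_EXPOSURE, [{"values": {"allowedValues": ["WAIT_FOR_ABUSE"]}}]),
]
# Hardened posture: all three set; C0EXAMPLE1 is a placeholder Cloud Identity customer id.
HARDENED_POLICIES = WEAK_POLICIES[:1] + [
    _policy(KEY_EXPOSURE, [{"values": {"allowedValues": ["DISABLE_KEY"]}}]),
    _policy(DOMAIN_SHARING, [{"values": {"allowedValues": ["C0EXAMPLE1"]}}]),
]

def _rules(policies, constraint):
    """Rules of the policy for `constraint`, or None when no policy is set."""
    for p in policies:
        if p.get("name", "").endswith("/policies/" + constraint):
            return p.get("spec", {}).get("rules", [])
    return None

def _allowed(rules):
    return [v for r in rules for v in r.get("values", {}).get("allowedValues", [])]

def check_identity_posture(policies):
    """Return findings for the three controls; an empty list means all hold."""
    findings = []
    rules = _rules(policies, KEY_CREATION)
    if not rules or not any(r.get("enforce") for r in rules):
        findings.append(f"{KEY_CREATION} not enforced: long-lived keys can be created")
    rules = _rules(policies, KEY_EXPOSURE)
    # An unset policy keeps the DISABLE_KEY default, so only an explicit change is flagged.
    if rules is not None and "DISABLE_KEY" not in _allowed(rules):
        findings.append(f"{KEY_EXPOSURE} changed from DISABLE_KEY to {_allowed(rules)}")
    rules = _rules(policies, DOMAIN_SHARING) or []
    if not _allowed(rules) or any(r.get("allowAll") for r in rules):
        findings.append(f"{DOMAIN_SHARING} not set: roles can be granted to any domain")
    return findings
```

Feed it the JSON that `gcloud org-policies describe --effective` returns for each constraint to check a real organisation.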
Security monitoring
In addition to putting preventative controls in place, you should proactively check your cloud environment for indications of compromise. Early detection can reduce the impact of a compromise on the business.
- Security Command Centre (SCC) is Google Cloud’s integrated security and risk management platform. It offers threat detection, compliance monitoring, and thorough security posture management.
With SCC’s Cloud Infrastructure Entitlement Management (CIEM) capabilities, you can control which identities have access to which resources in your deployments, minimise risks caused by misconfigurations, and implement the principle of least privilege. SCC’s Sensitive Actions Service automatically finds and notifies you of potentially harmful activity taking place within your cloud organisation, folders, and projects. SCC’s Virtual Red Teaming feature continually checks for the exposure of high-value resources and reveals the identities and access paths that could be compromised.
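Detection logic of the kind the monitoring section calls for, run over constructed Cloud Audit Log lines. This is an added example, not SCC or any Google Cloud code: the field names follow the AuditLog schema (protoPayload.methodName, authenticationInfo.principalEmail, requestMetadata.callerIp, serviceData.policyDelta.bindingDeltas), while the entries, the trusted network range and the allowed domain are assumptions.

```python
import ipaddress
import json

# Assumed corporate egress range (constructed), mirroring a Context-Aware Access allowlist.
TRUSTED_NETS = [ipaddress.ip_network("198.51.100.0/24")]
ALLOWED_DOMAINS = {"example.com"}  # mirrors domain-restricted sharing

# Constructed sample entries: a key created from outside the corporate range, an owner
# grant to an outside domain, and a benign storage read.
SAMPLE_LOG_LINES = [
    json.dumps({"protoPayload": {"methodName": "google.iam.admin.v1.CreateServiceAccountKey",
                                 "authenticationInfo": {"principalEmail": "alice@example.com"},
                                 "requestMetadata": {"callerIp": "203.0.113.9"}}}),
    json.dumps({"protoPayload": {"methodName": "SetIamPolicy",
                                 "authenticationInfo": {"principalEmail": "bob@example.com"},
                                 "requestMetadata": {"callerIp": "198.51.100.20"},
                                 "serviceData": {"policyDelta": {"bindingDeltas": [
                                     {"action": "ADD", "role": "roles/owner",
                                      "member": "user:contractor@partner.example"}]}}}}),
    json.dumps({"protoPayload": {"methodName": "storage.objects.get",
                                 "authenticationInfo": {"principalEmail": "carol@example.com"},
                                 "requestMetadata": {"callerIp": "198.51.100.21"}}}),
]

def _trusted(ip):
    """True when the caller IP falls inside one of the trusted ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)

def detect(lines):
    """Return alert strings for long-lived key creation and out-of-domain role grants."""
    alerts = []
    for line in lines:
        pp = json.loads(line).get("protoPayload", {})
        method = pp.get("methodName", "")
        who = pp.get("authenticationInfo", {}).get("principalEmail", "?")
        ip = pp.get("requestMetadata", {}).get("callerIp", "")
        if method.endswith("CreateServiceAccountKey"):
            where = "trusted" if _trusted(ip) else "UNTRUSTED"
            alerts.append(f"long-lived SA key created by {who} from {where} ip {ip}")
        if method.endswith("SetIamPolicy"):
            for d in pp.get("serviceData", {}).get("policyDelta", {}).get("bindingDeltas", []):
                member = d.get("member", "")
                domain = member.rsplit("@", 1)[-1] if "@" in member else ""
                if d.get("action") == "ADD" and domain and domain not in ALLOWED_DOMAINS:
                    alerts.append(f"{who} granted {d.get('role')} to outside member {member}")
    return alerts
```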
What is credential theft prevention?
Credential theft prevention protects usernames and passwords from fraudsters. Cyberattacks including phishing, malware, and data breaches can steal credentials. Preventing credential theft is essential to keeping personal accounts, companies, and organisations secure.
What are credential theft attacks?
In a credential theft attack, attackers steal usernames and passwords to gain access to accounts, systems, and networks. These attacks can lead to identity theft, financial fraud, and data breaches.
Common credential theft attacks
Phishing
Users are tricked into entering credentials on bogus websites or responding to fraudulent emails.
Keylogging
Malware logs keystrokes to capture usernames and passwords.
Credential stuffing
Stolen credentials from earlier data breaches are replayed against multiple accounts.
Brute-force attacks
Automated tools try many password combinations.
Man-in-the-middle (MitM) attacks
Interception of data in transit captures login credentials.
Social engineering
Attackers manipulate users into disclosing passwords.
Malware/Spyware
Malware on the device steals credentials.
What is credential theft protection?
Credential theft protection involves safeguarding login credentials, including usernames, passwords, and authentication tokens, against attackers. It helps individuals and businesses protect important accounts and systems.