Google Cloud report highlights persistent cloud security risks

A recent Google Cloud report has revealed that 46% of observed security alerts stemmed from overprivileged service accounts, according to Security Boulevard.

Google Cloud's Threat Horizons report found weak or absent passwords leading as the access method most commonly exploited by threat actors, accounting for 46% of initial breaches. Misconfiguration came next at 36%, followed by compromised user interfaces or application programming interfaces at 17%. Once inside a cloud environment, attackers moved laterally in 62% of cases, often searching for insecure private keys and manipulating access tokens. Additionally, 10% of reported incidents involved access to service account keys from unexpected locations.

The report highlighted a significant campaign in 2024 as an example of the growing prevalence and sophistication of cloud-based cyberattacks. In the campaign, attackers used Kinsing malware to exploit exposed PostgreSQL databases and gain persistent access through brute force techniques. The stolen data was likely used in ransomware attacks, with Google’s Mandiant division observing data from 1,242 organizations posted on leak sites in the third quarter of 2024. Google Cloud urges organizations to enhance their security by enforcing multifactor authentication and implementing least-privilege access controls.