Some odd and potentially dangerous behavior within the Google Cloud Platform (GCP) was revealed by cloud security company Mitiga Thursday. If GCP is not configured correctly, it could be exploited by attackers to engage in malicious activity inside a user’s cloud environment, according to a blog posted on the Israeli company’s website.
The behavior is linked to one of the APIs used by Google Cloud. The API allows users to retrieve data from serial ports, but by creating a virtual machine in the cloud, data could also be continuously written to the ports. Moreover, because of the way Google Cloud classifies such traffic, administrators aren’t given much visibility into it. If an attacker were exploiting the behavior, their constant calls to the ports might tip their hand, Mitiga explained, but the malicious activity is likely to be missed by developers unfamiliar with the specifics of the API.
Attackers can gain command-and-control capabilities
Another Google Cloud oddity noticed by Mitiga was the way it allows users to modify metadata at runtime. Other cloud providers also give users that power, but only when a virtual machine is shut down. Google virtual machines allow users to set custom metadata tags with custom values and, by default, read those values from a metadata server. Coupled with the read serial port function, Mitiga said, a full feedback loop is created that can give attackers command-and-control capabilities.
The company also illustrated how malware could use the API to obtain full administrative access to a system. By using a command to configure a virtual machine to use user data when the VM starts, attackers can write a script to load at runtime and take control of a system.
Mitiga outlined attack scenarios stemming from its findings:
- An attacker can gain access to Google Cloud credentials with appropriate API permissions for both setMetadata and getSerialPortOutput on one or more VMs.
- Using traditional network-based methods of lateral movement, the attacker can install malware on the system that communicates using the cloud API.
- The attacker can send commands to the victim machine by inserting them into custom metadata using a predetermined key.
- The victim system can continually read the key looking for commands and when one is found, the command is executed, and the output is sent to a predetermined serial port.
- The adversary continually reads from the serial port and waits to receive the output of the command.
A covert way of maintaining access to compromised systems
Andrew Johnston, the Mitiga principal consultant who wrote the blog, discounted the threat posed to organizations by the risky API behavior. “Provided you’re following all the other security guidelines—credentials are stored properly, accounts have only the permissions they need—there’s no real threat here,” he tells CSO. “The problem is those things are more easily said than done. Should an attacker gain access to a Google Cloud account with the proper permissions, they could use this attack vector to access systems.”
“The impact of this comes from it being a covert way of maintaining access to a compromised system,” Johnston adds. “It’s not something that would trigger alarms in a standard SOC environment.”
Although Mitiga hasn’t found the ABI behavior exploited in the wild, Johnston says it’s important to get the information to the Google Cloud community. “Sophisticated attackers are well aware of a number of attack vectors that are not available to the general public,” he says. “The best way to disarm groups like that is to identify these techniques and to publish them because when organizations are aware, they can improve their breach readiness.”