Caute_cautim
Community Champion

Google Cloud confirms attack

 Hi All

 

Google Confirms Cloud Hack Attacks — How to Protect Your Data Now

Introduction
Google has confirmed a new wave of cyberattacks targeting its Google Cloud platform, just days after a turbulent week of security alerts. Following Chrome browser vulnerabilities and account security warnings, the latest threat—known as a “dangling bucket” attack—poses serious risks to organizations and individuals who have deleted Google Cloud storage buckets but still reference them in applications or websites.

Key Details

What Is a Dangling Bucket Attack?
• Occurs when a Google Cloud storage bucket is deleted but its reference (URL or link) still exists in applications, websites, or code.
• Hackers can register the same bucket name and use it to serve malicious files or steal sensitive data from unsuspecting users or systems that continue to access it.

Google’s Official Advisory (August 8)
• Issued by Google engineers Raman Bansal and Maksim Shudrak.
• Warns that attackers can “hijack” these abandoned references to inject malware.
• Urges immediate security reviews for all Google Cloud projects.

Why It’s Dangerous
• Users and systems may unknowingly trust the old bucket link, assuming it’s still controlled by the original owner.
• Can lead to data theft, malware infections, and compromised applications.
• Particularly dangerous for organizations with large codebases or complex web infrastructures.

Three Immediate Actions to Take
1. Audit All References
• Search for and remove any links or dependencies pointing to deleted Google Cloud buckets.
2. Enable Bucket Retention Policies
• Use settings that prevent accidental deletion or allow recovery before permanent removal.
3. Implement Access Controls & Monitoring
• Restrict who can delete buckets and set up alerts for suspicious changes.

Why This Matters
Cloud infrastructure security is only as strong as its weakest link. Dangling bucket attacks exploit overlooked resources, allowing threat actors to infiltrate trusted data flows. With the increasing reliance on cloud services, a small oversight in configuration management can create a major breach point. Addressing this risk is not just about protecting individual files—it’s about maintaining the integrity of your entire digital ecosystem.

 

With respect to Keith King

 

https://www.linkedin.com/posts/keith-king-03a172128_google-confirms-cloud-hack-attacks-how-activity-...

 

Regards

 

Caute_Cautim
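An added example, not part of the original post or of Google's advisory: a minimal sketch of the "Audit All References" step, which scans source text for Cloud Storage bucket references and flags any whose bucket is not in an inventory of buckets you still own. The file contents, bucket names and the `OWNED` inventory are constructed for illustration; in practice the inventory would come from a listing of the buckets in your own projects.

```python
import re

# Bucket-name characters (lowercase letters, digits, dot, dash, underscore).
_BUCKET = r"[a-z0-9][a-z0-9._-]{1,220}[a-z0-9]"

# Common ways a bucket is referenced in code, config and HTML.
PATTERNS = [
    # gs://BUCKET/object
    re.compile(r"gs://(" + _BUCKET + r")", re.I),
    # Path-style URL; JSON API prefixes (storage/, upload/, download/) are skipped.
    re.compile(r"https?://storage\.(?:googleapis|cloud\.google)\.com/"
               r"(?!(?:storage|upload|download)/)(" + _BUCKET + r")", re.I),
    # Virtual-hosted-style URL: BUCKET.storage.googleapis.com
    re.compile(r"https?://(" + _BUCKET + r")\.storage\.googleapis\.com", re.I),
]


def find_bucket_refs(files):
    """Return {bucket: [(path, line_no), ...]} for every reference found."""
    refs = {}
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            for pattern in PATTERNS:
                for match in pattern.finditer(line):
                    bucket = match.group(1).lower()
                    refs.setdefault(bucket, []).append((path, line_no))
    return refs


def dangling_refs(files, owned_buckets):
    """References to buckets that are absent from the owned inventory."""
    owned = {b.lower() for b in owned_buckets}
    return {b: locs for b, locs in find_bucket_refs(files).items()
            if b not in owned}


# Constructed sample input: two files and an inventory of one live bucket.
SAMPLE_FILES = {
    "web/index.html": (
        '<script src="https://storage.googleapis.com/acme-old-assets/js/app.js"></script>\n'
        '<img src="https://acme-prod-static.storage.googleapis.com/logo.png">'
    ),
    "ml/train.py": (
        'DATA = "gs://acme-old-assets/models/v1.bin"\n'
        'OUT = "gs://acme-prod-static/out/"'
    ),
}
OWNED = {"acme-prod-static"}

if __name__ == "__main__":
    for bucket, locations in dangling_refs(SAMPLE_FILES, OWNED).items():
        print(bucket, locations)
```

Every flagged reference is a candidate for removal or for pointing at a bucket that is still under your control.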

1 Reply
JoePete
Advocate I

It seems like the linchpin to this vulnerability is the ability to name a "bucket" the same as something that has been abandoned.

 

From a larger view, it's a healthy warning as our applications continue to sprawl. It's a different wrinkle on supply-chain security. While it often manifests as availability (some remote piece of data or code becomes inaccessible), as you note @Caute_cautim, it also makes each chunk of data or code a link in your virtual supply chain, and that's a much more complex thing. It's not too hard to check for unavailable/unset resources and have an application fail gracefully or pull some alternative, but it is an exponentially more involved task to confirm the integrity (and/or confidentiality) of that remote resource. If history is an indicator, despite the tools to do so, those corners are too easy to cut. Especially as we rush to develop and adopt AI, someone needs to be asking, "Do we know (and trust) where every bit of data and code is coming from?"