Cloud Security

Google Mandiant warns of exposed serverless functions as attack vector

Laptop Screen Warning Alert: Cyber Attack, Virus, Malware, Spyware, System Hacked

IT Pro reports that Google's Mandiant has issued a warning regarding exposed serverless cloud functions, which can provide attackers with access to sensitive information and broader cloud environments. The cybersecurity firm is urging organizations to implement enhanced security measures to mitigate these risks.

Mandiant has observed an increase in public-facing serverless applications lacking authentication, often due to business needs. The rapid adoption of generative AI, including chatbots and image generation, is a significant factor, as these workflows rely on serverless functions. Attackers exploit vulnerabilities like local and remote file inclusion, and command injection to gain entry. Once inside, they attempt to escalate privileges by extracting secrets from application code, analyzing logic for further attack vectors, or exfiltrating service account bearer tokens via remote code execution. These compromised credentials allow threat actors to move laterally to adjacent systems, potentially leading to a complete environment takeover.

Mandiant recommends integrating security scanning, code reviews, and least-privilege identity and access management into CI/CD pipelines before deployment. They also advise isolating AI experimentation in sandboxes, restricting development environments, and ensuring AI-generated software adheres to Secure Software Development Lifecycle controls. For runtime, hosting public-facing Cloud Run services in isolated projects and restricting ingress traffic are crucial. Mandiant emphasizes that hardening serverless functions is only one part of a secure architecture, and a defense-in-depth strategy is critical to prevent lateral movement and data exfiltration.

Source: IT Pro

An In-Depth Guide to Cloud Security

Get essential knowledge and practical strategies to fortify your cloud security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds