gcp Google Cloud Blog ·

Securing Serverless Applications Against Common Attacks on GCP

blogsecuritygcpengineerfinanceretailmediagovernmentgcp-cloud-rungcp-cloud-storagegcp-compute-enginegcp-cloud-functions
announcement security

Mandiant highlights risks of publicly exposed serverless applications on Google Cloud, such as Cloud Run, lacking authentication. Exploiting vulnerabilities like LFI and command injection can lead to full cloud environment compromise, a growing concern with increased AI usage. This post details attack scenarios and provides hardening guidance, applicable to any public serverless deployment, emphasizing secure secrets management and least privilege principles for service accounts.

  • Serverless Applications: Benefits and Risks
  • Attack Vectors: Initial Access and Lateral Movement
  • Local File Inclusion (LFI) Attack Scenario
  • Code Execution/Command Injection Attack Scenario
  • Consequences of Compromised Service Accounts
Enhancements (1)
  • Hardening Recommendations for Serverless Environments

    Mandiant advises implementing hardening strategies for serverless deployments, especially those that must remain publicly accessible. Key recommendations include securing secrets management by utilizing solutions like Secret Manager and applying least privilege principles to service accounts.

Notes (5)
  • Serverless Applications: Benefits and Risks

    Serverless applications, or Function-as-a-Service (FaaS), enable scalable microservices without infrastructure management, but can be targets for attacks like LFI and command injection due to custom code and third-party packages. This is particularly relevant with the rise of AI workflows relying on serverless architectures.

  • Attack Vectors: Initial Access and Lateral Movement

    Publicly exposed serverless workloads can be an entry point for attackers who exploit code vulnerabilities or runtime issues. Common post-exploitation techniques include extracting secrets, analyzing application logic for further exploits, and exfiltrating service account bearer tokens to pivot to other cloud resources.

  • Local File Inclusion (LFI) Attack Scenario

    An example demonstrates an LFI vulnerability in a Python/Flask Cloud Run function where unvalidated user input is used to open files. Attackers can exploit this to retrieve sensitive files like source code, configuration files, or system files, revealing hardcoded secrets or enabling further attacks.

  • Code Execution/Command Injection Attack Scenario

    A scenario illustrates how unsanitized user input in a Python function can lead to arbitrary command execution. This can enable attackers to extract service account bearer tokens from the GCP metadata service, allowing them to impersonate the service account and potentially take over the GCP project.

  • Consequences of Compromised Service Accounts

    If a serverless service account has excessive permissions (e.g., Editor role), a compromised bearer token can lead to a full GCP project takeover. Attackers can then read/write/delete resources, deploy new services, access secrets, exfiltrate data, and establish persistent backdoors.

Read the original announcement →

https://cloud.google.com/blog/topics/threat-intelligence/exposed-cloud-functions-harden/

Related releases