Google Cloud Storage Bucket contents downloaded without authentication

Classification:

attack

Tactic:

Technique:

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Goal

Detect unauthenticated access to an object in a GCS bucket (bucket_name).

Monitor GCS bucket (bucket_name) for get requests(@evt.name:storage.objects.get) made by unauthenticated users (@usr.id).

Investigate the logs and determine whether or not the accessed bucket: {{bucket_name}} should be accessible to unauthenticated users.