‘CloudImposer’ attack targets Google Cloud services
The team with Tenable Research said that the flaw, dubbed “CloudImposer,” would allow a remote attacker to execute code on a cloud server without the need for any authentication or access rights.
Should an attacker exploit the vulnerability, they could create poisoned cloud instances that would set the stage for a supply chain attack in which a service provider is compromised in order to attack numerous customers that rely on a single service.
Tenable researcher Liv Matan explained that the bug is a result of dependency confusion error. In short, Google Cloud Platform (GCP) was not properly checking the bundled services that were preloaded when a new cloud instance was spun up.
This meant that an attacker could have potentially pointed a new cloud server towards a malicious library and then created thousands of poisoned cloud instances.
While Google has since addressed the flaw, Matan lamented that such vulnerabilities are nothing new and could likely impact other vendors.
/cdn.vox-cdn.com/assets/3212351/RSG_GTAV_Screenshot_344.jpg)
