The most recent Threat Horizons Report from Google Cloud

The most recent Threat Horizons Report from Google Cloud has been released, providing strategic intelligence on threats to cloud enterprise users.

Key takeaways from the report include:

  • Credentials factor into over half of incidents in Q1 2023

    • In Q1 2023 our Cloud incident response teams observed that credential issues continue to be a consistent challenge, accounting for over 60% of compromise factors, which could be addressed by stronger identity management guardrails in place at the organisation level.

    • Misconfiguration accounted for 19% of compromise factors which were also associated with other compromise factors such as sensitive UI or APIs exposed which account.

    • An example of how these two factors are associated could include a misconfigured firewall that unintentionally provided public access to a UI.

    • Top risky actions that can lead to compromises: cross-project abuse of access token generation permission, replacement of existing compute disks/snapshots, service account key creation, and GCE project SSH keys.

  • Mobile Apps Evading Cloud Enterprise Detection through Versioning

    • Researchers have identified instances of Android applications downloading malicious updates after installation, attempting to evade Google Play Store's malware detections.

    • Campaigns using versioning commonly target users’ credentials, data, and finances.

    • In an enterprise environment, versioning demonstrates a need for defense in depth, including but not limited to limiting application installation sources to trusted sources such as Google Play, or managing corporate devices via mobile device management (MDM).

  • Identifying Compromised Customer Domains and IPs on Google Cloud

    • Using 2022-23 VirusTotal (VT) and Mandiant data, Google discovered 19 customer domains and one IP hosted on Google Cloud, compromised in Q1 2023.

    • Each of the uncovered 19 websites had at least one malicious file downloaded from it; while the one IP had bi-directional communications with external malware, using ports above the well-known port range (i.e. numbering 1024-65535).

  • Telecommunications Industry Profile: Cloud Adoption Requires Zero Trust Approach to Address Threats Amid Growing Systemic Cyber Risk Concerns

    • As the telecommunications industry adopts cloud services, threats from nation states and cybercriminals will likely persist—along with pre-existing systemic cyber risk—that require modern cybersecurity approaches such as Zero Trust (ZT) to address.

    • The most frequently targeted telecom subsectors observed by Mandiant over the last two years include wireless telecommunications, IT and telecom services, and data services.

    • Geopolitical activity is likely driving state actors to focus on targeting the telecom industry while financially motivated cybercriminals are evolving their tools and methods for doing so.

    • Digital security threats to telecom industry business continuity and use of legacy systems will likely persist, along with increased focus on cloud service providers, as the industry continues migrating critical IT operations and business support systems to the cloud.

    • Modern cybersecurity approaches such as ZT combined with cloud services can help the telecom industry create and secure new services, maintain resiliency of operations, and reduce risk of data breaches.

  • Threat Insights: Implications of Source Code Leaks

    • This article increases awareness of how compromises or leaks of source code can help cyber threat actors facilitate a variety of exploitation activities, including exposure and abuse of legitimate credentials and certificates, unauthorised reproduction and use of leaked software, the development or insertion of vulnerabilities, and supply chain compromise.

    • Common Causes of Source Code Leaks: While credential or authentication token compromise is often cited as a cause of source code incidents, there have been cases in which a compromise of a third-party service involved in hosting the code or the continuous integration/continuous development (CI/CD) process led to compromises of users of these services, as well as malicious insider incidents and misconfigurations.

    • Mitigation recommendations for code repositories and third-party resources reflect commonly cited IT security best practices, including adhering to the principle of least privilege, network segmentation, and log monitoring.

  • Leveraging third-party services while reducing risk

    • Bad actors looking to evade detection can exploit these trusted relationships to gain access to organisations through supply chain attacks. These threats can be categorised as reputable third parties being compromised or bad actors intentionally creating malicious third-party services and luring users to use them.

    • Though each offers different levels of security to help secure their users and reduce risk - they are essentially black boxes for organisations integrating with them. We highlight where malicious behaviour has been observed, where we assess threat actors may target, and measures organisations can take to mitigate these risks.
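
For the "top risky actions" listed under the first takeaway, the sketch below shows how a defender could flag three of them in exported Cloud Audit Logs. It is an added example, not code from the report or from Google; the sample entries, project names and principals are constructed, and the disk/snapshot replacement case is not covered.

```python
import json

# Cloud Audit Logs method names for three of the risky actions in the list.
RISKY_METHODS = {
    "google.iam.admin.v1.CreateServiceAccountKey": "service account key creation",
    "GenerateAccessToken": "access token generation",
    # Project-wide SSH keys are stored in project metadata (key "ssh-keys").
    "v1.compute.projects.setCommonInstanceMetadata": "project metadata change",
}
SUFFIX = ".iam.gserviceaccount.com"

def sa_project(email):
    """Project ID embedded in a service account email, or None for other principals."""
    # Google-managed service agents also match this suffix; allowlist them as needed.
    if "@" in email and email.endswith(SUFFIX):
        return email.split("@", 1)[1][: -len(SUFFIX)]
    return None

def classify(entry):
    """Return a finding string for one parsed audit log entry, or None."""
    payload = entry.get("protoPayload", {})
    method = payload.get("methodName", "")
    label = RISKY_METHODS.get(method)
    if label is None:
        return None
    caller = payload.get("authenticationInfo", {}).get("principalEmail", "unknown")
    target = entry.get("resource", {}).get("labels", {}).get("project_id", "unknown")
    if method == "GenerateAccessToken":
        # Flag only a service account minting tokens in a project other than its own.
        home = sa_project(caller)
        if home is None or home == target:
            return None
        label = "cross-project " + label
    return f"{label}: {caller} -> {target}"

def scan(lines):
    """Classify JSON-lines audit log records, skipping lines that do not parse."""
    findings = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        hit = classify(entry) if isinstance(entry, dict) else None
        if hit:
            findings.append(hit)
    return findings

def _e(method, caller, project):  # builds one constructed sample entry
    return json.dumps({"protoPayload": {"methodName": method,
        "authenticationInfo": {"principalEmail": caller}},
        "resource": {"labels": {"project_id": project}}})

SAMPLE_LOG = [  # constructed sample input
    _e("GenerateAccessToken", "ci@proj-a.iam.gserviceaccount.com", "proj-b"),
    _e("GenerateAccessToken", "ci@proj-a.iam.gserviceaccount.com", "proj-a"),
    _e("google.iam.admin.v1.CreateServiceAccountKey", "dev@example.com", "proj-b"),
    _e("v1.compute.projects.setCommonInstanceMetadata", "dev@example.com", "proj-b"),
    _e("v1.compute.instances.list", "dev@example.com", "proj-b"),
    "not json",
]
```

Token generation events are Data Access audit logs, which have to be enabled before they appear in an export.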


✍️ Cyber Job Corner ✍️

Cyber Security Graduate Officer (Western Australia)

  • Level 3, $79,156 pa - $84,977 pa, PS CSA Agreement 2022

  • Position Number: Pool Ref DPCT3875

  • Work Type:  Fixed Term - Full Time

  • Closing Date: 2023-08-28 4:00 PM

Some of WA’s largest Government agencies have joined forces to offer a 12-month rotational graduate program. Upon successful completion of the program, you will be permanently appointed to an agency to continue your professional development.

Secure your future and help safeguard WA’s digital infrastructure!

The Opportunity

This is a great opportunity to join an innovative program which will see graduates contributing their skills and ideas to projects across the public sector. Over 12 months, graduates will rotate through three government agencies and develop skills in Cyber Security.

Throughout this program, graduates will have the opportunity to rotate and work across agencies such as:

  • The Department of Primary Industries and Regional Development offers expertise, fortified defences, and continuous monitoring to ensure our operations remain resilient and protected.

  • With cyber security we protect the Department of Biodiversity, Conservation and Attractions people and technology used to manage Western Australian parks and attractions.

What you will get

You will get the opportunity to join dynamic teams of dedicated and talented people from cyber security, technical, and policy backgrounds who will mentor and support you, assisting you to succeed in your role.

You will provide support for the identification and implementation of cyber security controls, undertake security and event monitoring; and respond to cyber security incidents and perform analysis of potential incidents across networks. You will also get:

  • A structured rotational program with a customised rotational development plan

  • A diverse support network across agencies and the wider public sector

  • Personal and professional development via participation in the Public Sector Commission Launch Program

  • Permanent position at the conclusion of the program, subject to satisfactory performance.

What we are looking for

We are looking for agile, innovative problem solvers and keen learners who are ready to make a difference in the public sector.

You will have excellent attention to detail and an ability to think big whilst communicating your ideas.

If you want to contribute to work that has long-lasting impacts, then we want to hear from you!  

Enthusiastic graduates who completed their bachelor’s degree in Science, Technology, Engineering, Maths, or related Cyber Security degree between 2021 and 2023 inclusive, are welcome to apply. Students must be an Australian citizen or have Permanent Residency at the time of applying.

The Benefits

  • 11% superannuation contribution, increasing to 12% by 1 July 2025

  • Onsite facilities, including bike lockers, fully equipped change rooms and personal lockers.

  • Three additional days of leave per year (public service holidays).

Get ready to apply. It’s simple.

Click ‘Apply for Job’ at the bottom of this advertisement and please submit:

  • A copy of your most recent academic transcript.

  • Current CV, outlining your academic and work experience, interests, and hobbies.

  • Two (2) page written application outlining the following:

    • Why you are interested in the Cyber Security Graduate Program and how your personal values align with working in the public sector?

    • Describe a time where you used your communication, research and analysis skills to overcome a challenge. How did you contribute to the outcome?

    • Tell us why you believe Cyber Security is important?

The extra bits

For further information on the Interagency Cyber Security Graduate Program, please refer to the attached Job Description Form (JDF). Alternatively, please contact Natasha Williams, Principal Policy Officer, on (08) 6552 5799 or email [email protected] (not to be contacted for assistance with lodging your application).

What happens next?

Shortlisted candidates will be contacted to complete face-to-face interviews, which are currently scheduled for September. Unsuccessful candidates can obtain feedback at the end of the recruitment process.

Diversity and Inclusion

We encourage Indigenous Australians, young people, people with disabilities, people from culturally diverse backgrounds and women to apply for this position.

We are committed to providing an inclusive workplace that genuinely values diversity of thought, perspective, and experience.

Reasonable adjustments will be made to ensure you feel comfortable to work at your best.

Applications are to be received no later than 4:00 pm, 28 August 2023.

Please ensure you allow sufficient time to submit your application as late applications will not be accepted.

⚠️ Be careful

When applying for jobs, avoid giving your bank or credit card information.

Please mention Redwires AU in your application.
