// Alert

Google Cloud threat report

Threat actors are increasingly exploiting Google Cloud Logging and AWS CloudTrail to evade detection and maintain unauthorized visibility into victim environments. Attack techniques include disabling logging, deleting logs, modifying encryption keys to render logs unreadable, log poisoning through S3/Cloud Storage permissions, and redirecting logs to attacker-controlled destinations. While organizations often assume logs are protected, these logging services lack uniform protection enforcement, enabling attackers to blind security monitoring and enable long-term reconnaissance. Defenders are advised to enforce strict access controls on logging APIs, enable log integrity validation and bucket locking, and implement continuous monitoring of logging configuration changes.

// Get alerts for Google Cloud