Google Cloud Storage HMAC Key
Service Name: Google Cloud Storage
Service Description: Google Cloud Storage is a RESTful online file storage web service for storing and accessing data on Google Cloud Platform infrastructure. It provides secure, durable, and highly-available object storage.
Service Address: https://cloud.google.com/storage
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the project level using VPC Service Controls or IAM conditions.
Secret Access Scope: HMAC keys grant access to Google Cloud Storage buckets and objects with the permissions defined by the service account associated with the key.
Secret Revokement URL: https://console.cloud.google.com/storage/settings;tab=interoperability
Secret Example: GOOG1EYAIQAFL63JSFPXJGQFCKWU2SKQGDWRFGPZXPZ5GKRY6EOFA3CBBZQ
Suspicious Activity Investigation Instructions:
- Review Cloud Audit Logs for unusual storage access patterns or operations
- Check for unexpected data transfers or downloads from your storage buckets
- Monitor for unauthorized bucket or object creation, deletion, or modification
- Examine access logs for requests from unusual geographic locations or IP addresses
- Verify if there are any policy changes or permission modifications to your storage resources
Mitigation Instructions:
- Immediately deactivate the compromised HMAC key in the Google Cloud
Console
- Navigate to Cloud Storage > Settings > Interoperability tab
- Find the compromised key and click "Deactivate"
- Create a new HMAC key if needed with appropriate permissions
- Review and update IAM permissions for the associated service account
- Enable object versioning on critical buckets to protect against data loss
- Consider implementing VPC Service Controls to restrict access to your storage
resources
- Set up alerting for unusual storage access patterns or operations