Duping Cloud Functions: An Emerging Serverless Attack Vector
Summary:
Tenable Research identified a privilege escalation vulnerability in Google Cloud Platform’s Cloud Functions and its associated Cloud Build continuous integration and deployment services. The issue stemmed from the default Cloud Build service account, which was previously assigned excessive permissions during the function deployment process. This allowed an attacker with access to create or update a Cloud Function to escalate privileges by leveraging the default service account. Google has since addressed this issue by restricting the default permissions and releasing new organizational policies for more granular control.
Building on Tenable’s findings, Cisco Talos replicated the behavior in a controlled GCP environment, deploying a Debian server configured with Node Package Manager (NPM), Ngrok, and a custom Python server to simulate data exfiltration. By modifying the package.json file in a Cloud Run Function to include a malicious NPM package, Talos was able to simulate unauthorized access to service account tokens. However, due to Google's patch, this specific method no longer yields access tokens, as confirmed by Talos through additional testing. Talos extended its research to assess whether similar techniques could apply to other cloud platforms, including AWS Lambda and Microsoft Azure Functions. In these environments, Talos demonstrated that by using Node.js runtimes and publishing malicious packages to the NPM registry, adversaries could still perform enumeration activities even without privileged tokens. The modified package.json files enabled the execution of reconnaissance commands to gather system details and assess the cloud infrastructure.
Security Officer Comments:
Examples of such enumeration include ICMP-based network discovery, detection of Docker environments via .dockerenv, investigation of CPU scheduling through PID 1, analysis of control group container IDs for mount point details, and execution of various system overview commands. These actions help attackers identify kernel versions, OS distributions, and privilege structures. Commands targeting user permissions and network configurations were also used to support potential privilege escalation and lateral movement. In AWS and Azure, Talos validated that these enumeration methods remain viable using their respective serverless compute functions.
As described in Tenable’s article, Google responded to their research by creating a remediation patch. This update altered the default behavior of Cloud Build and the default Cloud Build service account (SA). Additionally, new organization policies were released to give organizations full control over which SA Cloud Build uses by default. While Google has implemented this remediation, Cloud Build services can still be used to execute non-privileged commands as a means of enumerating an environment.
Suggested Corrections:
Threat Hunting Recommendations
- Audit and monitor SA permissions: Regularly audit and monitor SA permissions, with a particular focus on the default Cloud Build SA. Adhere to the principle of least privilege by removing any excessive permissions that are not essential for the SA’s operations.
- Alert setup for Cloud Functions: Establish alerts for any unusual or unauthorized creation or modification of Cloud Functions. Identify potentially malicious activities where an attacker may be attempting to exploit function deployments for privilege escalation.
- Inspect network traffic: Analyze network traffic for unusual patterns or connections that might indicate data exfiltration attempts. Pay attention to data being sent to unknown or unauthorized external endpoints, such as those using Ngrok or similar tunneling services.
- Verify NPM package integrity: Ensure the integrity and authenticity of NPM packages used within Cloud Functions. Prevent the execution of malicious scripts embedded in package.json files that could facilitate environment enumeration or other malicious activities.
- Detect environment enumeration: Detect and respond to signs of environment enumeration, such as ICMP discovery or system information gathering.
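The package.json check from the "Verify NPM package integrity" item, as an added example that is not code from the Talos or Tenable write-ups: it reports every npm lifecycle hook (the install-time step the attack abuses), dependencies missing from an approval list, dependencies fetched from non-registry sources, and unpinned version ranges. The sample manifest, the approval list and the "node setup.js" hook are constructed data.

```javascript
// Added example (not from the Talos or Tenable articles): pre-deploy audit of a Cloud
// Function's package.json. npm lifecycle hooks run arbitrary commands while dependencies
// are installed during the build, so every hook is reported; each dependency is also
// checked against an approval list, for a non-registry source, and for an unpinned version.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare", "prepublish"];
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;
// git URLs, http(s) tarballs, local paths and GitHub shorthand bypass registry controls.
const NON_REGISTRY = /^(git(\+\w+)?:|https?:|file:|github:|[\w.-]+\/[\w.-]+(#.*)?$)/;

function auditPackageJson(pkg, approvedPackages) {
  const findings = [];
  const scripts = pkg.scripts || {};
  for (const hook of LIFECYCLE_HOOKS) {
    if (hook in scripts) {
      findings.push({ severity: "high", where: `scripts.${hook}`,
        reason: "lifecycle hook executes a command during install/build", value: scripts[hook] });
    }
  }
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const where = `${field}.${name}`;
      if (approvedPackages && !approvedPackages.has(name)) {
        findings.push({ severity: "high", where, reason: "package is not on the approved list", value: spec });
      }
      if (NON_REGISTRY.test(spec)) {
        findings.push({ severity: "high", where, reason: "dependency is fetched from a non-registry source", value: spec });
      } else if (!EXACT_VERSION.test(spec)) {
        findings.push({ severity: "medium", where, reason: "version is a range, not pinned; enforce the lockfile", value: spec });
      }
    }
  }
  return findings;
}

// Constructed sample: a minimal HTTP function whose manifest has gained a postinstall hook
// and an unapproved helper package (both hypothetical names).
const SAMPLE_PACKAGE_JSON = {
  name: "hello-http",
  dependencies: { "@google-cloud/functions-framework": "^3.0.0", "totally-legit-helper": "1.0.0" },
  scripts: { start: "functions-framework --target=helloHttp", postinstall: "node setup.js" },
};
const APPROVED_PACKAGES = new Set(["@google-cloud/functions-framework"]);

for (const f of auditPackageJson(SAMPLE_PACKAGE_JSON, APPROVED_PACKAGES)) {
  console.log(`[${f.severity}] ${f.where}: ${f.reason} (${f.value})`);
}
```

Running this in CI before deployment turns a package.json change into a reviewable finding; pairing it with `ignore-scripts=true` in the project's .npmrc stops lifecycle hooks from executing at all.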
https://blog.talosintelligence.com/duping-cloud-functions-an-emerging-serverless-attack-vector/
https://www.tenable.com/blog/confus...n-vulnerability-impacting-gcp-cloud-functions