Google Cloud Build Bug Lets Hackers Launch Supply Chain Attacks

Cyber Security Threat Summary:
Cloud security firm Orca Security has discovered a critical design flaw in Google Cloud Build that could let attackers launch supply chain attacks. The flaw, named Bad.Build, enables attackers to escalate privileges and gain unauthorized access to Google Artifact Registry code repositories. By impersonating the Google Cloud Build service account, threat actors can run API calls against the Artifact Registry, inject malicious code into applications, and potentially compromise the entire supply chain.

Security Officer Comments:
This vulnerability poses significant risks, including application disruption, data theft, and malware distribution. While Google has implemented a partial fix by revoking certain permissions, the underlying vulnerability in the Artifact Registry remains unresolved. This information was only recently disclosed. The IT-ISAC will continue to monitor and report to the membership when additional details are disclosed.

Suggested Correction(s):
Organizations are advised to closely monitor the default Google Cloud Build service account, adhere to the Principle of Least Privilege, and employ cloud detection and response capabilities to detect anomalies and reduce the risk of supply chain attacks. Additionally, Google Cloud Build customers should customize their service account permissions and remove excessive entitlements.
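One way to act on the least-privilege advice above is to audit the project IAM policy for over-broad roles held by the Cloud Build service account. The following is an added example, not part of the IT-ISAC bulletin or Google's tooling; it assumes the account follows Google's documented naming pattern PROJECT_NUMBER@cloudbuild.gserviceaccount.com, that the policy JSON comes from `gcloud projects get-iam-policy PROJECT --format=json`, and that the list of roles treated as excessive is the reviewer's own choice.

```python
import json

# Assumption: the default Cloud Build service account uses Google's documented
# naming pattern PROJECT_NUMBER@cloudbuild.gserviceaccount.com.
CLOUDBUILD_SA_SUFFIX = "@cloudbuild.gserviceaccount.com"

# Roles that grant far more than a build pipeline needs. This set is an
# assumption for the example; tune it to your own baseline.
OVERPRIVILEGED_ROLES = {
    "roles/owner",
    "roles/editor",
    "roles/artifactregistry.admin",
    "roles/iam.serviceAccountTokenCreator",
}


def find_excessive_bindings(policy: dict) -> list:
    """Return (member, role) pairs where a Cloud Build service account
    holds an over-broad role. `policy` is the parsed JSON output of
    `gcloud projects get-iam-policy PROJECT --format=json`."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            # Members look like "serviceAccount:123@cloudbuild.gserviceaccount.com"
            is_build_sa = (member.startswith("serviceAccount:")
                           and member.endswith(CLOUDBUILD_SA_SUFFIX))
            if is_build_sa and role in OVERPRIVILEGED_ROLES:
                findings.append((member, role))
    return findings


# Constructed sample policy (not taken from any real project). The build
# account holds roles/editor, which is exactly the kind of entitlement to strip.
SAMPLE_POLICY = json.loads("""{
  "bindings": [
    {"role": "roles/editor",
     "members": ["serviceAccount:123456789@cloudbuild.gserviceaccount.com"]},
    {"role": "roles/artifactregistry.writer",
     "members": ["serviceAccount:123456789@cloudbuild.gserviceaccount.com"]},
    {"role": "roles/viewer",
     "members": ["user:alice@example.com"]}
  ]
}""")

if __name__ == "__main__":
    for member, role in find_excessive_bindings(SAMPLE_POLICY):
        print(f"EXCESSIVE: {member} holds {role}")
```

Scoped roles such as roles/artifactregistry.writer on the specific repositories a build needs are left alone; only project-wide broad roles on the build account are reported.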

Link(s):
https://www.bleepingcomputer.com/