An artificial intelligence consultant (AI) from the Australia he had A$25,672.86 (Australian dollar), approximately R$91,237.24, charged on your bill Google Cloud after an attacker exploits a Cloud Run service.
And, no. This was not a case of simple negligence on the part of the user. The situation happened even with configured budget to A$10 and multiple layers of security active on the account.
For those who are out of the loop, a brief context: Jesse Daviesfounder of Agentic Labs and AI consultant in Australia, woke up earlier this month to a notice of charge which exceeded by more than 2,500x (times) the budget limit established for your account Google Cloud.
Davies kept practices of robust security to your environment in Google AI Studio. The configuration included keys API separated by projectaccounts split billing, two-factor authentication active and audit records of Cloud enabled.
The set of measures, however, was bypassed put a single vulnerability in the service ecosystem of Google Cloud.
How a down Cloud Run service allowed unauthorized access
The incident originated from a Cloud Run service what Davies had published months earlier through the AI Studio. The invader no need to steal credentials or intercept API keys to perform the action.
It was enough find the public URL of the servicewhich remained accessible, although it was not indexed in search engines or shared on any channel.
From that point on, the Google Cloud’s own proxy signed each request made to the service (by the attacker) using the API key stored as environment variable in text simple inside the container Cloud Run.
The system architecture validated the calls of the criminal as if they were legitimatewithout triggering any containment mechanism.
Automatic tier update removed protection ceiling during attack
The account of Davies initially operated in Tier 2 of Google Clouda category that imposes a spending limit of $2,000. So, in theory, he would be safe, right? Wrong…
During the early morning of the incidentwhen the volume of charges surpassed the threshold of US$ 1,000the system of Google carried out a automatic promotion for the next tier without issuing any notification to the account holder.
The new tier, offered promotionally to the attacker, raised the spending cap to a range between $20,000 and $100,000.
The functionality of autoscaling Its purpose is to allow services to grow without interruptions due to charging blocks.
Node context of an attackhowever, the mechanism further increases the financial loss to the remove the only barrier which could have stopped charges still running into thousands of dollars.
When the budget alert finally arrived the next morning, A$10,000 (~ R$ 35,538.40) had already been debited from the credit card of Davieswhich began to operate with an insufficient balance for other transactions.
While he still awaiting response from Google supportplus A$15,000 (~ R$ 53,307.60) were processed on the same account.
Nine security features were disabled by default
Davies later identified 9 security features of Google Cloud which, if active, could have blocked or mitigated the incident. All were disabled in the platform’s default settings.
The discovery adds a layer of complexity already problematic caseas it indicates that even users with advanced technical knowledge may be exposed to breaches that depend on undocumented manual settings appropriately.
Contact with the human support of Google Cloud he took several days to be established. THE charge he was later canceled by the company and the transactions that came to be processed they were reversed by the financial institution of Davies.
THE episodealthough, It’s not completely finished yet.. A meeting with managers of the Google is scheduled to discuss the details of the case and the system failures that allowed it to occur.
Other users report charges of up to US$128,000 on specialized forums
Davies shared his story on subreddit r/googlecloud and asked other users about similar experiences. The responses confirmed a pattern of incidents involving disproportionate charges associated with APIs of Google Cloud.
A user of Japan described having received a initial invoice from US$44,000 (~ R$ 218,468.80) which continued to grow until it reached US$128,000 (~ R$ 635,545.60) even after manual pause from the API.
In the month prior to the case of Daviesanother documented incident involved the misuse of a API key what resulted in US$82,314.44 (~ R$ 408,707.66) in accumulated charges, and all of this on an account whose usual monthly consumption was around US$ 180 (~ BRL 893.74).
Unique API Key Format and Gemini Activation Increase Attack Range
THE enterprise of security cybernetics Truffle Security Co. had previously highlighted the structural risks related to the unified API key format used by Google Cloud.
These keys originally functioned only as project identifiers. From the moment the Gemini API is activated in any project in the Google Cloudthese same keys are automatically converted into valid credentials for the model Generative AI.
THE silent conversion means that anyone with access to the key can generate Gemin API callsie accumulate charges of AI usage in the project owner’s account.
The mechanism remains active unless more restrictive policies are implemented by Google regarding the activation of the Gemini and legacy credential management.
Source: Tom’s Hardware
Source: www.adrenaline.com.br
