This Google Workspace security flaw could let hackers quietly steal your Drive files
Logging feature is only reserved for paid Google Workspace accounts
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Experts have uncovered a method for hackers to steal data from people’sGoogle Driveaccounts without leaving any trace of the files they got away with.
Cybersecurity researchers from Mitiga Security have published findings claiming the problem lies in the fact that for users without a paid license forGoogle Workspace, nothing is logged and there are no records of any actions a user might make in their private drive.
That means should a threat actor compromise acloud storageaccount, they could easily revoke their paid license, bringing the account back to the “Cloud Identity Free”, costless license, and thus turning off any logging or record-taking features. After that, they’d be able to exfiltrate any and all files without leaving a single trace. The only thing an admin would later see is that someone revoked a paid license.
Lacking controls
Mitiga says it notifiedGoogleof its findings, who is yet to respond.
Clop ransomware may have infected even more victims than previously thought>Saks Fifth Avenue becomes latest Clop ransomware victim>Check out the best cloud storage right now
Identifying which files were taken during a data breach is an essential part of any post-mortem or hacking forensics process. It helps the victims determine what type of data was taken, and thus conclude if there is any danger of potentialidentity theft, wire fraud, or similar.
Proper logging is also one of the standard ways for IT teams to keep track for potential incursions before they are able to cause any serious damage.
Via:SiliconAngle
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Cisco issues patch to fix serious flaw allowing possible industrial systems takeover
Washington state court systems taken offline following cyberattack
I’ve used Genmoji and now I’m convinced Apple Intelligence will be a huge success
