Logging feature is only reserved for paid Google Workspace accounts
Experts have uncovered a method for hackers to steal data from people’s Google Drive accounts without leaving any trace of the files they got away with.
Cybersecurity researchers from Mitiga Security have published findings claiming the problem lies in the fact that for users without a paid license for Google Workspace, nothing is logged and there are no records of any actions a user might make in their private drive.
That means should a threat actor compromise a cloud storage account, they could easily revoke their paid license, bringing the account back to the “Cloud Identity Free”, costless license, and thus turning off any logging or record-taking features. After that, they’d be able to exfiltrate any and all files without leaving a single trace. The only thing an admin would later see is that someone revoked a paid license.
Lacking controls
Mitiga says it notified Google of its findings, who is yet to respond.
Identifying which files were taken during a data breach is an essential part of any post-mortem or hacking forensics process. It helps the victims determine what type of data was taken, and thus conclude if there is any danger of potential identity theft, wire fraud, or similar.
Proper logging is also one of the standard ways for IT teams to keep track for potential incursions before they are able to cause any serious damage.
- Adenman and Karlston
-
2
Recommended Comments
There are no comments to display.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.