Google Workspace Bug Enables Untraceable Data Theft from Users' Google Drive Accounts

Google is yet to issue a statement.

Cybersecurity researchers have exposed a critical vulnerability in Google Workspace that enables threat actors to steal data from users' Google Drive accounts without any trace, TechRadar tells us in a report.

This flaw pertains specifically to users who do not possess a paid enterprise license for Google Workspace.

The researchers have notified Google about the issue but have not received a response. Read more about the details of the vulnerability, its potential implications, and recommendations for mitigation.

Untraceable Data Exfiltration

Researchers from Mitiga Security found that users without a paid Google Workspace license have their actions within their private drives left undocumented.

Threat actors can turn off logging and record-taking features by revoking their paid license and switching to the costless "Cloud Identity Free" license.

This allows them to exfiltrate files without leaving any evidence, except for the indication that someone revoked a paid license, visible to administrators.

Mitiga's Recommendations

SiliconAngle reports that Mitiga Security responsibly disclosed the vulnerability to Google before publicizing its findings. However, Google has yet to respond to the researchers' notification.

In light of this vulnerability, the researchers advise regular monitoring of Admin Log Events within Google Workspace, focusing on license assignment and revocation activities.

Rapid and suspicious changes in license actions could indicate a potential threat. Organizations should prioritize implementing dedicated tooling and policies to address such gaps in SaaS data security.

Importance of Logging and Forensics

Experts say identifying the files compromised during a data breach is crucial for conducting post-mortem analyses and hacking forensics.

This information assists victims in understanding the nature of the stolen data and assessing the potential risks of identity theft or wire fraud.

Moreover, logging is a fundamental tool for IT teams to monitor potential security breaches before significant damage occurs.

Industry Expert's Insights

Corey O'Connor, Director of Products at DoControl Inc., a software-as-a-service security company, emphasized the gravity of the situation.

O'Connor tells SiliconAngle that applications like Google Drive and Google Workspace are considered Tier 0 apps, and many organizations lack adequate controls to prevent unauthorized access to critical data.

The absence of security controls and the lack of event logging leave Google Workspace users exposed with minimal visibility into data access.

O'Connor stressed the need for organizations to adopt dedicated tooling and policies to address these SaaS data security gaps.

What's In the News

The vulnerability uncovered by Mitiga Security highlights a significant flaw in Google Workspace's logging and record-keeping system, allowing threat actors to steal data from users' Google Drive accounts undetected.

The lack of visibility increases the risk of unauthorized data access and compromises overall data security. Organizations must prioritize implementing robust security controls and regularly monitor administrative logs to identify any suspicious license-related activities.

Google's response to this issue and subsequent corrective measures will be critical in ensuring the protection of user data within Google Workspace.

Stay posted here at Tech Times.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics