Google Drive Flaw Allows Hackers To Exfiltrate Data Within Google Workspace

Posted on June 6, 2023 at 8:05 AM

Google Drive Flaw Allows Hackers To Exfiltrate Data Within Google Workspace

A recent report by cybersecurity researchers has conducted an intensive investigation into the techniques used to exfiltrate data within Google Workspace. Google Drive is among the most-used cloud-based storage platforms, and it has been frequently targeted by hackers because of its massive potential and capabilities.

Google Drive bug allows hackers to steal data without detection

Data theft has become increasingly popular in recent years. This technique is now being used by threat actors after they have secured unauthorized access to a platform. Data theft is largely used by hackers as it operates as a common attack vector where these attackers can access a variety of information.

The report exposing the security flaw on Google Drive was revealed by a research team at Mitiga. The team at Mitiga has conducted an intensive investigation into the techniques used to exfiltrate data within the Google Workspace environment. Google Workspace is one of the largely used ecosystems, and the flaw shows the significance of the platform and the attack method used.

The research is part of the efforts being made by the Mitiga research team to explore and understand cloud services and Software as a Service (SaaS) attacks while also conducting forensic practices.

The malicious threat actors that are behind this campaign have frequently targeted vulnerabilities to exploit them and cause damage. The flaws in question exist within Google Drive, and exploiting them allows hackers to gain unauthorized access to these devices, where they can steal user data and sensitive files.

Experts that are researching this exploit are now conducting an in-depth analysis into the matter that has exposed the deficiency in the forensic measures used by Google Drive. The flaw also allows the hackers to exfiltrate data from Google Drive without being detected.

Google Workspace is a platform that also provides more transparency when it uses the “Drive log events” to monitor and track the different actions that have been conducted on the Google Drive resources that are owned by a company. However, the reliability of this platform has now been compromised because of these attacks.

Security on Google Workspace

Google Workspace is one of the most sensitive spaces on the platform. Google Workspace records different events that are captured and stored to offer an extensive record of interactions that have happened with external users.

This practice is also restricted in nature to the actions that have been conducted by the hackers that hold a paid license. This practice forms the main limitation of this issue, but the restriction is also a major challenge that needs to be addressed.

All users on Google Drive are initially offered a “Cloud Identity Free” license that serves as the default option. The license offers basic access and functionality to the user within the Google Drive ecosystem.

However, there is an issue with the absence of clear visibility. This issue poses a major challenge in several areas, which will result in complications. If a hacker compromises the user account of the administrator, they can be in charge of different actions. The system will also generate log records for these actions by revoking and assigning licenses.

If a malicious actor gains unauthorized access to a user account that does not have a paid license but can gain access to the private drive of the organization, the issue will raise significant concerns about security.

One of the flaws that can be exploited by the attackers is during the employee offboarding process. In this kind of situation, an employee departs from a company, leading to their license being revoked before the Google user account has been removed or disabled.

The employee will also have the ability to download internal files directly from the private drive if they have not been given prior notification. If the organization does not hold a paid license but it can still access the private drive, it will download the files in the drive without creating any log records.

The researchers at Mitiga have reached out to the security team at Google regarding this issue. However, these researchers have not secured an official response that will be incorporated into the advisory.

The researchers have also said there is a need to regularly search for threats within Google Workspace, with the focus being on detecting and investigating the activity that has been conducted by the hackers to guarantee that there is a reduced risk of the effects being felt on the targeted devices.

Google Drive Flaw Allows Hackers To Exfiltrate Data Within Google Workspace
Article Name
Google Drive Flaw Allows Hackers To Exfiltrate Data Within Google Workspace
Researchers have detected a flaw in Google Drive. The flaw enables hackers to exfiltrate data within Google Workspace. Google Drive has often been targeted by hackers.
Publisher Name
Publisher Logo

Share this:

Related Stories:


Get the latest stories straight
into your inbox!


Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading