A Lack of Event Logging in the Free-Subscription Version of Google Workspace Puts Enterprises at Risk of Data Theft
Researchers have exposed a security flaw in the free-subscription version of Google Workspace, which leaves enterprises open to insider threats and other potential data leaks. A team from Mitiga has discovered a critical “forensic security deficiency” in the popular hosted productivity application, which is attributed to the lack of log generation for users who don’t have a paid enterprise license for Workspace. Although users with a paid license, such as Google Workspace Enterprise Plus, enjoy the benefit of visibility into Google Drive activity through “drive log events,” those with a default cloud identity free license do not, the researchers have said. Therefore, organizations become blind to potential data manipulation and exfiltration attacks, limiting how quickly and effectively they can respond.
How Attackers Can Exploit the Google Drive Deficiency
There are two key scenarios in which the lack of visibility presents a problem. The first is when a user’s account is compromised by a threat actor, either by becoming an admin or merely by gaining access to that account. In this case, a threat actor who gains access to an admin user can revoke the user’s license, download all their private files, and reassign the license, the researchers have explained. Meanwhile, a threat actor who gains access to a user without a paid license but still uses the organization’s private drive can download all the drive’s files without leaving any trace. The second threat scenario would be most likely to occur during employee offboarding, when a corporate user, who isn’t assigned a paid license, potentially downloads internal files from his or her private drive or private Google Workspace without any notice due to the lack of logging.
How Enterprises Can Respond
Mitiga has reached out to Google about the issue, but the researchers have said that they have not yet received a response, adding that Google’s security team typically doesn’t recognize forensics deficiencies as a security problem. Mitiga has suggested that organizations using Google Workspace can take steps to ensure that the issue isn’t exploited. This includes keeping an eye out for certain actions in their Admin Log Events feature, such as events about license assignments and revocations.
Conclusion
The lack of event logging in the free-subscription version of Google Workspace has serious implications for enterprise users, as it leaves them vulnerable to data theft. For organizations, this security flaw highlights the importance of taking additional measures to protect their sensitive data. For Google, it is crucial to promptly address this issue to prevent potential attacks and to reassure its users that their data is being adequately protected.
<< photo by Glen Carrie >>
You might want to read !
- “Critical Security Flaw in Apple macOS Revealed by Microsoft: Potential SIP Protection Bypass”
- Google Cloud SQL Service Compromised: Severe Security Flaw Exposes Confidential Data
- “Discord Data Breach: Examining the Impacts of Customer Support Provider’s Security Flaw”
- KeePass Security Flaw Puts Master Passwords at Risk
- KeePass Users at Risk: PoC Tool Exploits Unpatched Vulnerability to Retrieve Master Passwords
- “Striking a Balance: Maintaining Cyber Competence Without Increasing Anxiety in the Workplace”
- Exploring the Implications of Amazon’s $30.8M Settlement for Ring Spying and Alexa Privacy Lawsuits.
- The Vulnerability of Jetpack WordPress Plug-in API Causes Widespread Website Updates
- Russia accuses US Intelligence of orchestrating iOS Zero-Click Attacks
- The Alleged Connection Between Apple, NSA, and iPhone Surveillance: Russia’s Accusations.
