Experts have uncovered a way for hackers to steal data from people's Google Drive accounts without leaving any trace of the data they got away with.
Cybersecurity researchers from Mitiga Security have published findings claiming the problem lies in the fact that for users without a paid Google Workspace license, nothing is logged and there are no records of any actions a user might take in their private drive.
That means that should a threat actor compromise a cloud storage account, they could simply revoke its paid license, bringing the account back to the free "Cloud Identity Free" license, and thus turning off any logging or record-keeping features. After that, they would be able to exfiltrate any and all data without leaving a single trace. The only thing an admin would later see is that someone revoked a paid license.
Mitiga says it notified Google of its findings, but Google has yet to respond.
Determining which data was taken during a data breach is an essential part of any post-mortem or forensics process. It helps the victims determine what kind of information was taken, and thus conclude whether there is any danger of potential identity theft, wire fraud, or similar.
Proper logging is also one of the standard ways for IT teams to watch for potential incursions before they can cause any serious damage.
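Since the license revocation is the one event an admin still sees, it can be used to bound the period in which Drive activity went unrecorded. The sketch below is an added example, not code from Mitiga or Google: it pairs revoke and assign events per user and reports each unlogged window. The record schema, event names and sample values are constructed for illustration and are not Google's audit log format.

```python
from datetime import datetime, timezone

# Constructed sample records in a simplified, hypothetical schema.
SAMPLE_EVENTS = [
    {"time": "2023-05-01T08:00:00+00:00", "event": "LICENSE_ASSIGN",
     "actor": "admin@example.com", "target": "bob@example.com"},
    {"time": "2023-05-02T22:15:00+00:00", "event": "LICENSE_REVOKE",
     "actor": "bob@example.com", "target": "bob@example.com"},
    {"time": "2023-05-03T01:45:00+00:00", "event": "LICENSE_ASSIGN",
     "actor": "admin@example.com", "target": "bob@example.com"},
    {"time": "2023-05-04T10:00:00+00:00", "event": "LICENSE_REVOKE",
     "actor": "admin@example.com", "target": "carol@example.com"},
]
NOW = datetime(2023, 5, 5, 10, 0, tzinfo=timezone.utc)  # constructed "current" time


def _window(user, actor, start, end, still_open):
    hours = round((end - start).total_seconds() / 3600, 2)
    return {"user": user, "revoked_by": actor, "start": start,
            "end": end, "hours": hours, "still_open": still_open}


def unlogged_windows(events, now):
    """Return one record per period in which a user had no paid license,
    i.e. a period for which Drive activity would not have been logged."""
    open_since = {}  # user -> (revoke time, actor who revoked)
    windows = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        when = datetime.fromisoformat(ev["time"])
        user = ev["target"]
        if ev["event"] == "LICENSE_REVOKE":
            # Keep the earliest revoke if several arrive before a re-assign.
            open_since.setdefault(user, (when, ev["actor"]))
        elif ev["event"] == "LICENSE_ASSIGN" and user in open_since:
            start, actor = open_since.pop(user)
            windows.append(_window(user, actor, start, when, False))
    # Revocations never followed by a re-assign are still open at `now`.
    for user, (start, actor) in open_since.items():
        windows.append(_window(user, actor, start, now, True))
    return sorted(windows, key=lambda w: w["start"])


if __name__ == "__main__":
    for w in unlogged_windows(SAMPLE_EVENTS, NOW):
        state = "OPEN" if w["still_open"] else "closed"
        print(f'{w["user"]}: {w["hours"]}h unlogged ({state}), '
              f'revoked by {w["revoked_by"]}')
```

Each window marks a span for which an investigator has no Drive records to rely on, so file access during it has to be assessed from other sources.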