Google Workspace bug allows untraceable data theft from Drive files

Users who do not have a paid Google Workspace licence have their private drive actions left undocumented

San Francisco: Cybersecurity researchers have discovered a significant forensic security deficiency in Google Workspace that enables a hacker to exfiltrate data in Google Drive without any trace.

According to researchers from Mitiga Security, once a malicious user inside has accessed the organisation’s Google Drive, they can take action without being recorded at all.

---

This flaw affects only users who do not have a paid enterprise licence for Google Workspace.

Users who do not have a paid Google Workspace licence have their private drive actions left undocumented.

Hackers can disable logging and recording by cancelling their paid licence and switching to the free “Cloud Identity Free” licence.

This enables threat actors to exfiltrate files without leaving any trace, save for the indication that a paid licence was revoked, which is visible to administrators.

“A threat actor who gains access to an admin user can revoke the user’s license, download all their private files, and reassign the license,” the researchers said.

The experts also notified Google of its findings, who is yet to respond.

Meanwhile, hackers are targeting iPhones with previously unknown malware, via iMessage to, gain complete control over the iOS device and spy on users.

Cybersecurity company Kaspersky discovered the mobile Advanced Persistent Threat (APT) campaign targeting iOS devices with previously unknown malware.

Dubbed as ‘Operation Triangulation’, the ongoing campaign distributes zero-click exploits via iMessage to run malware gaining complete control over the device and user data, with the final goal to “hiddenly spy on users”.