"Threat Actors Can Exfiltrate Data From Google Drive Without Leaving a Trace"
According to Mitiga researchers, Google Workspace has a vulnerability that prevents the discovery of data exfiltration from Google Drive. Using 'Drive log events,' Google Workspace provides visibility into an organization's Google Drive resources, logging actions such as copying, deleting, downloading, and viewing files. Events involving external domains, such as sharing an object with an external user, are also recorded. By default, Google Drive users begin with a 'Cloud Identity Free' license, and their organization's Information Technology (IT) administrator assigns them a paid license. Researchers discovered that when this paid license is not assigned, there are no log records of actions in the user's private drive, leaving organizations in the dark about data manipulation and exfiltration actions performed by users or external attackers. This article continues to discuss the possibility of threat actors exfiltrating data from Google Drive without leaving a trace.