November 16, 2023 at 07:00AM
Novel attack methods targeting Google Workspace and the Google Cloud Platform have been demonstrated, posing risks of ransomware, data exfiltration, and password recovery attacks. Threat actors could exploit vulnerabilities in Google Credential Provider for Windows (GCPW) to gain access to machines and bypass multi-factor authentication protections. These attacks highlight the need for robust cybersecurity measures.
Key Takeaways:
– A set of novel attack methods has been demonstrated against Google Workspace and the Google Cloud Platform, which could be used for ransomware, data exfiltration, and password recovery attacks.
– The attacks rely on an organization’s use of Google Credential Provider for Windows (GCPW), which offers mobile device management (MDM) and single sign-on (SSO) capabilities.
– An attacker with access to a compromised machine can extract an account’s refresh OAuth tokens and bypass multi-factor authentication (MFA) protections.
– The Golden Image lateral movement attack targets machines cloned from an image with GCPW pre-installed: every clone ends up sharing the same password, so compromising one machine can compromise all of them.
– The third attack involves accessing plaintext credentials by leveraging the acquired access token to obtain the private RSA key required for password decryption.
– These attacks pose a serious threat and could lead to complete account takeover.
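The first takeaway, a stolen refresh token redeemed from a machine other than the one it was issued on, is something a defender can look for in token-exchange logs. The script below is an added example, not code from the original article or from Google: it runs a simple "same refresh token, more than one host within a time window" check over a handful of constructed events. The event fields (`ts`, `user`, `token_id`, `host`, `ip`) are assumptions standing in for whatever an organization's proxy or identity-provider audit export actually records; the token is referenced by an opaque id, never logged in full.

```python
"""Flag OAuth refresh tokens redeemed from more than one host.

Added example (not from the original article). The event layout is a
constructed stand-in for a real token-exchange audit export; field names
are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: one record per refresh-token exchange.
# "token_id" is an opaque reference to the refresh token, not the token itself.
SAMPLE_EVENTS = [
    {"ts": "2023-11-16T07:00:00Z", "user": "alice@example.com",
     "token_id": "rt-1a2b", "host": "WS-ALICE-01", "ip": "10.0.5.21"},
    {"ts": "2023-11-16T07:05:00Z", "user": "alice@example.com",
     "token_id": "rt-1a2b", "host": "WS-ALICE-01", "ip": "10.0.5.21"},
    # Same token, minutes later, from a host that is not Alice's workstation.
    {"ts": "2023-11-16T07:09:00Z", "user": "alice@example.com",
     "token_id": "rt-1a2b", "host": "UNKNOWN-HOST", "ip": "203.0.113.44"},
    {"ts": "2023-11-16T08:00:00Z", "user": "bob@example.com",
     "token_id": "rt-9z8y", "host": "WS-BOB-01", "ip": "10.0.5.30"},
]


def _parse_ts(value):
    """Parse the ISO-8601 UTC timestamp used in the constructed events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def find_token_reuse(events, window=timedelta(hours=24)):
    """Return (user, token_id, sorted hosts) for every refresh token that was
    exchanged from two or more distinct hosts within `window` of each other.

    A refresh token is bound to the machine it was issued on; seeing it
    redeemed elsewhere is the signal for the token-theft scenario above.
    """
    by_token = defaultdict(list)
    for e in events:
        by_token[(e["user"], e["token_id"])].append(
            (_parse_ts(e["ts"]), e["host"], e["ip"]))

    findings = []
    for (user, token_id), uses in by_token.items():
        uses.sort()  # chronological
        hosts = set()
        for i, (ts_i, host_i, _ip_i) in enumerate(uses):
            # Compare each use with every earlier use inside the window.
            for ts_j, host_j, _ip_j in uses[:i]:
                if ts_i - ts_j <= window and host_j != host_i:
                    hosts.update({host_i, host_j})
        if hosts:
            findings.append((user, token_id, sorted(hosts)))
    return findings


if __name__ == "__main__":
    for user, token_id, hosts in find_token_reuse(SAMPLE_EVENTS):
        print(f"ALERT: refresh token {token_id} for {user} "
              f"redeemed from multiple hosts: {', '.join(hosts)}")
```

The window parameter matters: a token legitimately migrating to a re-imaged workstation looks different from the same token being redeemed from two hosts minutes apart, so tune it to how quickly hosts are actually replaced in your fleet.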