catalog logoThe IAM Privilege Catalog

risks / Data destruction

Description

Allows an attacker to delete organizational data. May cause interruption of services (including critical operations of the organization) and significant legal liability. Data loss can be either permanent or temporary, and is mitigated by frequent data backup.

Risk: CRITICAL

Exploited in isolation, this risk has the potential to disrupt central organizational operations, destroy trust, or create significant liability. Alternatively, this risk gives attackers access to broadly provisioned identities that enable the above impacts (such as root privilege escalation risks).

Mitigations

  1. Data backup

Links

  1. https:/​/​attack.mitre.org/​techniques/​T1485/​

Affected Privileges

An attacker may be able to exploit this risk if they gain any of the following privileges:

Google Cloud Platform

bigquery.datasets.delete
bigquery.datasets.update
bigquery.models.delete
bigquery.tables.delete
bigquery.tables.deleteSnapshot
bigquery.tables.restoreSnapshot
bigquery.tables.updateData
cloudfunctions.functions.delete
cloudsql.databases.delete
cloudsql.instances.delete
cloudsql.instances.restoreBackup
cloudsql.users.create
cloudsql.users.update
compute.backendBuckets.delete
compute.backendBuckets.update
compute.backendServices.update
compute.disks.delete
compute.disks.use
compute.images.delete
compute.instanceGroupManagers.update
compute.instances.delete
compute.instances.osAdminLogin
compute.instances.osLogin
compute.instances.reset
compute.instances.setDeletionProtection
compute.instances.setDiskAutoDelete
compute.instances.setMetadata
compute.instances.setScheduling
compute.instances.simulateMaintenanceEvent
compute.instances.stop
compute.instances.update
container.clusters.delete
container.clusters.update
container.namespaces.delete
container.nodes.delete
datastore.entities.delete
datastore.entities.update
firebase.projects.delete
pubsub.snapshots.delete
pubsub.snapshots.update
pubsub.topics.delete
resourcemanager.projects.delete
secretmanager.secrets.update
storage.buckets.delete
storage.objects.delete
© 2023–present P0 Security and contributors to the IAM Privilege Catalog