risks / Account discovery

Description

Allows an attacker to inventory system accounts. These accounts may then be further targeted for compromise to escalate access.

Risk: LOW

This risk may assist in additional attacks, or allow access to confidential data that does not create organizational risk on its own.

Mitigations

  1. Use least-privileged access
  2. Use multi-factor authentication for user accounts
  3. Rotate service-account credentials
  4. Prevent unencrypted service-account credential storage
  5. Monitor suspicious account access
  6. Remove or suspend inactive accounts

Links

  1. https://attack.mitre.org/techniques/T1078/
  2. https://attack.mitre.org/techniques/T1087/
  3. https://attack.mitre.org/techniques/T1550/
  4. https://attack.mitre.org/techniques/T1552/

Affected Privileges

An attacker may be able to exploit this risk if they gain any of the following privileges:

Google Cloud Platform

Google Workspace

© 2023–present P0 Security and contributors to the IAM Privilege Catalog