risks / Account discovery
Description
Allows an attacker to inventory system accounts. These accounts may then be further targeted for compromise to escalate access.
Risk: LOW
This risk may assist in additional attacks, or gain access to confidential data that do not create organizational risk on their own.
Mitigations
- Use least-privileged access
- Use multi-factor authentication for user accounts
- Rotate service-account credentials
- Prevent unencrypted service-account credential storage
- Monitor suspicious account access
- Remove or suspend inactive accounts
Links
- https://attack.mitre.org/techniques/T1078/
- https://attack.mitre.org/techniques/T1087/
- https://attack.mitre.org/techniques/T1550/
- https://attack.mitre.org/techniques/T1552/
Affected Privileges
An attacker may be able to exploit this risk if they gain any of the following privileges:
Google Cloud Platform
Google Workspace
© 2023–present P0 Security and contributors to the IAM Privilege Catalog