risks / Lateral movement

Description

Allows an attacker to gain access to additional components within a service, or to additional services within the system. Often occurs when an attacker can gain access to an additional identity (e.g., a service account) that has broader access.

Risk: BOOST

This risk allows an attacker to significantly increase the scope of an attack, or the sensitivity of accessed systems.

Mitigations

  1. Use least-privileged access
  2. Rotate service account credentials
  3. Prevent unencrypted service-account credential storage
  4. Monitor suspicious account access

Links

  1. https:/​/​attack.mitre.org/​techniques/​T1550/​

Affected Privileges

An attacker may be able to exploit this risk if they gain any of the following privileges:

Google Cloud Platform

Kubernetes

Google Workspace

© 2023–present P0 Security and contributors to the IAM Privilege Catalog