catalog logoThe IAM Privilege Catalog

risks / Data manipulation

Description

Allows an attacker to insert, delete, or manipulate organizational data. This may be done to evade detection or impact business/operational processes.

Risk: HIGH

Exploited in isolation, this risk has the potential to disrupt ancillary organization operations, cause reputational damage, or run afoul of compliance requirements.

Mitigations

  1. Data encryption
  2. Network segmentation
  3. Data backup
  4. Least privilege permissions

Links

  1. https:/​/​attack.mitre.org/​techniques/​T1565/​

Affected Privileges

An attacker may be able to exploit this risk if they gain any of the following privileges:

Google Cloud Platform

appengine.memcache.update
cloudfunctions.functions.call
cloudfunctions.functions.invoke
cloudfunctions.functions.sourceCodeSet
cloudkms.cryptoKeyVersions.useToSign
cloudsql.instances.import
cloudsql.users.create
cloudsql.users.update
container.nodes.update
container.services.proxy
iam.serviceAccounts.signBlob
pubsub.topics.publish
run.jobs.runWithOverrides
run.jobs.update
run.services.update

Kubernetes

core/nodes.update
core/services.proxy

Google Workspace

GROUPS_ALL
© 2023–present P0 Security and contributors to the IAM Privilege Catalog