Researchers at Bitdefender have reported discovering vulnerabilities in Google Workspace and Google Cloud Platform which could allow threat actors who have first compromised a local machine to extend their activities into a “chain reaction” network-wide breach, potentially leading to ransomware attacks or data exfiltration.
The researchers say that, for example, starting from a single compromised machine, threat actors could: “move to other cloned machines with GCPW installed, gain access to the cloud platform with custom permissions, or decrypt locally stored passwords to continue their attack beyond the Google ecosystem.”
Bitdefender says it “responsibly disclosed” its findings to Google, but that Google has confirmed it has “no plans” to address them because they fall outside its specific threat model.
The advice to businesses is to strengthen detection and response capabilities (e.g. by investing in threat detection solutions that identify and respond swiftly to unusual or unauthorised access attempts) and to have an incident response plan that addresses local device compromises.