Wednesday, December 25, 2024

New G-Door Vulnerability Lets Hackers Bypass Microsoft 365 Security With Google Docs

Must read

A newly discovered vulnerability, dubbed “G-Door,” allows malicious actors to circumvent Microsoft 365 security measures by exploiting unmanaged Google Docs accounts. This security flaw poses a significant threat to organizations relying on Microsoft 365’s Conditional Access (CA) policies for protection.

According to Potsolutions the G-Door vulnerability stems from the ability to create personal or workspace Google accounts using a company’s domain name. These unmanaged accounts can then access third-party applications, bypassing Microsoft 365’s security controls.

G-Door Vulnerability Security Risks

  1. Circumventing Conditional Access: Users or attackers can create Google accounts with corporate email addresses, sidestepping crucial security measures like multi-factor authentication (MFA), device compliance checks, and geolocation restrictions.
  2. Lack of Visibility: Activity from these unmanaged accounts doesn’t appear in Microsoft 365 Admin Center logs, hindering incident response and anomaly detection.
  3. Data Exposure: Sensitive information stored in Google Drive or created in Google Docs isn’t subject to corporate Data Loss Prevention (DLP) or Azure Information Protection (AIP) policies.
  4. Persistent Access: Attackers who compromise a Microsoft 365 account can create a separate Google identity, maintaining access to third-party apps even after the original credentials are revoked.
  5. Inadequate Offboarding: Employees may retain unauthorized access to connected apps or data repositories through unmanaged Google accounts after leaving the company.

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

Users can easily create personal Google accounts or sign up for the free Google Docs Essentials Starter plan using their company email addresses.

Microsoft 365 Access Via Google Docs
Microsoft 365 Access Via Google Docs

This process requires no administrative approval and can be completed in minutes, giving users an unmanaged Google identity associated with the organization’s domain, reads the report.

The G-Door vulnerability undermines several key security features of Microsoft 365:

  • Conditional Access policies become ineffective for these unmanaged accounts.
  • Device compliance and geolocation restrictions can be bypassed.
  • Data protection measures and legal compliance efforts are compromised.
  • Group-based access controls in Azure AD (Entra) can be circumvented.

To protect against the G-Door vulnerability, organizations should:

  1. Implement strict domain verification processes for Google Workspace.
  2. Regularly audit and manage unmanaged accounts associated with the company domain.
  3. Enhance user education about the risks of creating personal accounts with work email addresses.
  4. Consider implementing additional third-party security solutions to monitor and control access across multiple cloud platforms.

As organizations increasingly rely on cloud-based productivity suites, addressing vulnerabilities like G-Door becomes crucial for maintaining a robust security posture. IT administrators and security professionals must remain vigilant and adapt their strategies to protect against these emerging threats.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Latest article