risks / Data destruction

Description

Allows an attacker to delete organizational data. May cause interruption of services (including critical operations of the organization) and significant legal liability. Data loss can be either permanent or temporary, and is mitigated by frequent data backup.

Risk: CRITICAL

Exploited in isolation, this risk has the potential to disrupt central organizational operations, destroy trust, or create significant liability. Alternatively, this risk gives attackers access to broadly provisioned identities that enable the above impacts (such as root privilege escalation risks).

Mitigations

  1. Data backup

Links

  1. https:/​/​attack.mitre.org/​techniques/​T1485/​

Affected Privileges

An attacker may be able to exploit this risk if they gain any of the following privileges:

Google Cloud Platform

© 2023–present P0 Security and contributors to the IAM Privilege Catalog