Cybersecurity researchers have just discovered two serious security vulnerabilities in Looker, Google's enterprise data analysis platform, that could let attackers steal data from tens of thousands of companies worldwide and take control of their systems.
According to a report by the US cybersecurity company Tenable, these vulnerabilities can allow hackers to penetrate deep into the Looker system, steal sensitive login information, covertly change configuration, and even control the entire server.
Looker is currently used by more than 60,000 companies in 195 countries, which makes the scope of the risk particularly worrying.
The two main vulnerabilities are collectively named "LookOut". One of them involves remote code execution (RCE) chains.
Through this technique, the attacker can run malicious commands remotely, thereby gaining complete control of the Looker server.
Researchers say hackers targeting a Looker instance deployed on a cloud platform could exploit the vulnerabilities to gain access across different systems and download the entire internal administrator database.
Tenable warns that losing control of Looker can lead to the risk of widespread business data leaks.
According to Liv Matan, Senior Research Engineer at Tenable, the level of danger of this vulnerability is particularly high because Looker acts as the "central nervous system" of business data.
"An intrusion can allow the attacker to manipulate data or penetrate deeper into the company's private internal network," Ms. Liv Matan warned.
Tenable said Google responded quickly and deployed a patch for the managed Looker Cloud version after receiving a report of the vulnerability.
However, organizations that self-host Looker on private servers or on-premises infrastructure are still at risk of being attacked if they do not proactively apply the patches.
"These organizations must be responsible for patching vulnerabilities and protecting infrastructure from the risk of being taken over," Tenable emphasized.
Looker is a business data analysis platform based in Santa Cruz, California, that allows companies to visualize, query and analyze data stored in the cloud. In 2019, Google acquired Looker for $2.6 billion to expand its data service and cloud computing ecosystem.
This deal is seen as part of Google's strategy to strengthen its capacity to provide data solutions, cloud storage and enterprise software.
Faced with the risk of vulnerability exploitation, Tenable recommends that system administrators urgently review their systems. Specifically, businesses should check the .git/hooks/ folder in Looker projects for unexpected or unauthorized files, especially hook scripts such as pre-push, post-commit or applypatch-msg, where hackers may have planted malicious code.
In addition, security teams need to analyze application logs and search for signs of internal connection abuse, abnormal SQL errors or SQL injection attack patterns targeting internal databases such as looker__ilooker.
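The .git/hooks/ review recommended above can be scripted. The following is an added example, not code from Tenable or Google: the root directory argument is an assumption (the article does not say where a deployment keeps its project repositories), and the core.hooksPath check goes beyond the article's advice to cover repositories whose Git config points hooks at a different directory.

```shell
#!/bin/sh
# Added example: inventory active Git hooks under a directory tree.
# Assumption: $1 is the directory holding your Looker project repositories.

# One line per hook file that is not a stock "*.sample" template:
#   <class>\t<exec|noexec>\t<path>
# class is "named-on-page" for the hook names the article calls out.
list_active_hooks() {
    find "$1" -type d -path '*/.git/hooks' 2>/dev/null |
    while IFS= read -r hooks_dir; do
        for f in "$hooks_dir"/*; do
            [ -f "$f" ] || continue
            case "${f##*/}" in
                *.sample) continue ;;  # templates Git ships; never executed
                pre-push|post-commit|applypatch-msg) class=named-on-page ;;
                *) class=other ;;
            esac
            # Git only runs hooks that carry an executable bit.
            if [ -x "$f" ]; then mode=exec; else mode=noexec; fi
            printf '%s\t%s\t%s\n' "$class" "$mode" "$f"
        done
    done
}

# Repository configs that set core.hooksPath; for those repositories Git
# loads hooks from the configured directory, so review that location too.
list_hookspath_overrides() {
    find "$1" -type f -path '*/.git/config' 2>/dev/null |
    while IFS= read -r cfg; do
        if grep -qi 'hooksPath' "$cfg"; then
            printf '%s\n' "$cfg"
        fi
    done
}

# Run as: sh check_hooks.sh /path/to/projects
if [ $# -gt 0 ]; then
    echo "== active hooks =="
    list_active_hooks "$1"
    echo "== configs setting core.hooksPath =="
    list_hookspath_overrides "$1"
fi
```

A fresh clone has only *.sample files in .git/hooks/, so every line this prints is a file someone or something placed there and should be matched against hooks your team installed deliberately.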
Experts warn that the incident is a strong reminder of data security risks in the cloud age, when a single vulnerability can put thousands of businesses at risk of a serious breach.