Show in Graph
Common Information
Type Value
Value 
Cloud API - T1059.009
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may abuse cloud APIs to execute malicious commands. APIs available in cloud environments provide various functionalities and are a feature-rich method for programmatic access to nearly all aspects of a tenant. These APIs may be utilized through various methods such as command line interpreters (CLIs), in-browser Cloud Shells, [PowerShell](https://attack.mitre.org/techniques/T1059/001) modules like Azure for PowerShell(Citation: Microsoft - Azure PowerShell), or software developer kits (SDKs) available for languages such as [Python](https://attack.mitre.org/techniques/T1059/006). Cloud API functionality may allow for administrative access across all major services in a tenant such as compute, storage, identity and access management (IAM), networking, and security policies. With proper permissions (often via use of credentials such as [Application Access Token](https://attack.mitre.org/techniques/T1550/001) and [Web Session Cookie](https://attack.mitre.org/techniques/T1550/004)), adversaries may abuse cloud APIs to invoke various functions that execute malicious actions. For example, CLI and PowerShell functionality may be accessed through binaries installed on cloud-hosted or on-premises hosts or accessed through a browser-based cloud shell offered by many cloud platforms (such as AWS, Azure, and GCP). These cloud shells are often a packaged unified environment to use CLI and/or scripting modules hosted as a container in the cloud environment.
Details Published Attributes CTI Title
Details Website 2024-11-17 11 Cyber attacks in Robotics: Risk and Prevention
Details Website 2024-11-14 0 Overcoming Kubernetes Log Challenges in Detection | Wiz Blog
Details Website 2024-11-14 3 Advanced Bot Protection You Must Know
Details Website 2024-11-13 3 Advanced Bot Protection You Must Know
Details Website 2024-11-07 0 Permiso Releases Suite of Open-Source Tools to Bolster Detection Capabilities for Past,Present and Future Attacks
Details Website 2024-11-07 0 Permiso Adds Three More Open Source Cybersecurity Tools
Details Website 2024-11-06 0 INTRODUCING CAPICHE DETECTION FRAMEWORK: AN OPEN-SOURCE TOOL TO SIMPLIFY CLOUD API-BASED HUNTING
Details Website 2024-11-04 0 5 Must-See Sessions at KubeCon North America
Details Website 2024-10-27 5 A Deep Dive into Advanced Cloud Security Threats
Details Website 2024-10-25 11 How to use Google Cloud API integration in Google SecOps
Details Website 2024-10-16 8 SecAI Unveils Dual Intelligence-Powered Cybersecurity | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Details Website 2024-10-15 3 Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems - CyberSRC
Details Website 2024-10-08 0 Cloudflare acquires Kivera to add simple, preventive cloud security to Cloudflare One
Details Website 2024-10-01 0 The Rise of Cloud-Native Security
Details Website 2024-09-26 3 Advancements in AI: Quite a Leg Up for Cybersecurity (82% of data breaches involve human error!)
Details Website 2024-09-25 1 New integration: Nebula and OneView with Google Chronicle SIEM - ThreatDown by Malwarebytes
Details Website 2024-09-21 4 More for Less — Securing with HELK
Details Website 2024-09-20 0 Synergizing Cybersecurity: The Benefits of Technology Alliances
Details Website 2024-08-07 41 Cloud Cover: How Malicious Actors Are Leveraging Cloud Services
Details Website 2024-07-04 4 How Cloud Migration is Affecting AppSec - A Red Teamer's Perspective | JUMPSEC LABS
Details Website 2024-06-20 78 我们需要从JS文件里提取哪些信息?
Details Website 2024-06-04 0 CISOs Navigating the GenAI Tide: Actionable Insights from SANS Institute
Details Website 2024-03-18 10 Application consent attacks: Patterns, detection, and mitigation
Details Website 2024-02-09 6 New attack vectors emerge via recent EKS updates | Wiz Blog
Details Website 2023-12-06 198 Russia/Ukraine Update - December 2023