Common Information
Type | Value |
---|---|
Value | Cloud Accounts - T1078.004 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Valid accounts in cloud environments may allow adversaries to perform actions to achieve Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Cloud accounts are those created and configured by an organization for use by users, remote support, services, or for administration of resources within a cloud service provider or SaaS application. Cloud Accounts can exist solely in the cloud; alternatively, they may be hybrid-joined between on-premises systems and the cloud through syncing or federation with other identity sources such as Windows Active Directory. (Citation: AWS Identity Federation)(Citation: Google Federating GC)(Citation: Microsoft Deploying AD Federation) Service or user accounts may be targeted by adversaries through [Brute Force](https://attack.mitre.org/techniques/T1110), [Phishing](https://attack.mitre.org/techniques/T1566), or various other means to gain access to the environment. Federated or synced accounts may be a pathway for the adversary to affect both on-premises systems and cloud environments - for example, by leveraging shared credentials to log onto [Remote Services](https://attack.mitre.org/techniques/T1021). High privileged cloud accounts, whether federated, synced, or cloud-only, may also allow pivoting to on-premises environments by leveraging SaaS-based [Software Deployment Tools](https://attack.mitre.org/techniques/T1072) to run commands on hybrid-joined devices. An adversary may create long lasting [Additional Cloud Credentials](https://attack.mitre.org/techniques/T1098/001) on a compromised cloud account to maintain persistence in the environment. Such credentials may also be used to bypass security controls such as multi-factor authentication. Cloud accounts may also be able to assume [Temporary Elevated Cloud Access](https://attack.mitre.org/techniques/T1548/005) or other privileges through various means within the environment. Misconfigurations in role assignments or role assumption policies may allow an adversary to use these mechanisms to leverage permissions outside the intended scope of the account. Such over privileged accounts may be used to harvest sensitive data from online storage accounts and databases through [Cloud API](https://attack.mitre.org/techniques/T1059/009) or other methods. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-11-16 | 90 | From Royal to BlackSuit: Understanding the Tactics and Impact of a Sophisticated Ransomware Strain \| #ransomware \| #cybercrime \| National Cyber Security Consulting | ||
Details | Website | 2024-11-14 | 24 | Major cyber attacks and data breaches of 2024 | ||
Details | Website | 2024-11-13 | 3 | Top challenges for implementing multi-domain correlation in the cloud | ||
Details | Website | 2024-11-13 | 1 | Top challenges for implementing multi-domain correlation in the cloud | ||
Details | Website | 2024-11-12 | 4 | Hunting for Account Takeovers in Office 365 Logs | ||
Details | Website | 2024-11-12 | 0 | Cloud Data Security: How to Get it Right? | ||
Details | Website | 2024-11-12 | 0 | The Problem: Using One Email for Everything | ||
Details | Website | 2024-11-12 | 5 | Report Shows Ransomware Has Grown 41% for Construction Industry - ReliaQuest | ||
Details | Website | 2024-11-12 | 0 | Elastic Security 8.16: Elastic AI Assistant updates and contextualized cloud detection and response | ||
Details | Website | 2024-11-08 | 0 | Google To Make MFA Mandatory for Google Cloud in 2025 | ||
Details | Website | 2024-11-07 | 1 | Google Cloud to make MFA mandatory by the end of 2025 | ||
Details | Website | 2024-11-07 | 0 | Google Cloud makes MFA mandatory for all global users by 2025 - Cybersecurity Insiders | ||
Details | Website | 2024-11-07 | 2 | Runtime security in multi-cloud environments: best practices and importance | ||
Details | Website | 2024-11-07 | 0 | Mandatory Multifactor Authentication for Google Cloud Users by 2025 - RedPacket Security | ||
Details | Website | 2024-11-07 | 1 | Google’s New Security Mandate: MFA to be Mandatory on All Google Cloud Accounts by 2025 | ||
Details | Website | 2024-11-07 | 6 | Category | ||
Details | Website | 2024-11-06 | 0 | Google Cloud: MFA Will Be Mandatory for All Users in 2025 | ||
Details | Website | 2024-11-06 | 0 | GZR Observer Daily — Nov 6, 2024 | ||
Details | Website | 2024-11-06 | 0 | CloudCheckr Unveiled: Comprehensive Guide to Cloud Cost Management, Security, and Compliance… | ||
Details | Website | 2024-11-06 | 0 | Google Cloud to Mandate Multifactor Authentication by 2025 | ||
Details | Website | 2024-11-06 | 1 | Google Cloud to make MFA mandatory by the end of 2025 | ||
Details | Website | 2024-11-05 | 5 | Mastering Cloud Security Audit: Step-by-Step with Scout Suite | ||
Details | Website | 2024-11-05 | 4 | The Credential Abuse Cycle: Theft, Trade, and Exploitation - ReliaQuest | ||
Details | Website | 2024-10-31 | 2 | The Latest in Cybersecurity: Recent Vulnerabilities and Breaches to Watch | ||
Details | Website | 2024-10-31 | 4 | Moving Baselime from AWS to Cloudflare: simpler architecture, improved performance, over 80% lower cloud costs |