Common Information
Type | Value |
---|---|
Value | Cloud Accounts - T1078.004 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Valid accounts in cloud environments may allow adversaries to perform actions to achieve Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Cloud accounts are those created and configured by an organization for use by users, remote support, services, or for administration of resources within a cloud service provider or SaaS application. Cloud Accounts can exist solely in the cloud; alternatively, they may be hybrid-joined between on-premises systems and the cloud through syncing or federation with other identity sources such as Windows Active Directory. (Citation: AWS Identity Federation)(Citation: Google Federating GC)(Citation: Microsoft Deploying AD Federation) Service or user accounts may be targeted by adversaries through [Brute Force](https://attack.mitre.org/techniques/T1110), [Phishing](https://attack.mitre.org/techniques/T1566), or various other means to gain access to the environment. Federated or synced accounts may be a pathway for the adversary to affect both on-premises systems and cloud environments - for example, by leveraging shared credentials to log onto [Remote Services](https://attack.mitre.org/techniques/T1021). High privileged cloud accounts, whether federated, synced, or cloud-only, may also allow pivoting to on-premises environments by leveraging SaaS-based [Software Deployment Tools](https://attack.mitre.org/techniques/T1072) to run commands on hybrid-joined devices. An adversary may create long lasting [Additional Cloud Credentials](https://attack.mitre.org/techniques/T1098/001) on a compromised cloud account to maintain persistence in the environment. Such credentials may also be used to bypass security controls such as multi-factor authentication. Cloud accounts may also be able to assume [Temporary Elevated Cloud Access](https://attack.mitre.org/techniques/T1548/005) or other privileges through various means within the environment. Misconfigurations in role assignments or role assumption policies may allow an adversary to use these mechanisms to leverage permissions outside the intended scope of the account. Such over privileged accounts may be used to harvest sensitive data from online storage accounts and databases through [Cloud API](https://attack.mitre.org/techniques/T1059/009) or other methods. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-10-30 | 0 | How Cybersecurity Companies in Dubai Enhance Cloud Security for Businesses | ||
Details | Website | 2024-10-29 | 0 | Evasive Panda Deploys Advanced CloudScout Malware to Steal Data from Taiwanese Institutions - CloudSEK News | ||
Details | Website | 2024-10-28 | 0 | Key Modules in the Offensive Cloud Learning Path | ||
Details | Website | 2024-10-25 | 3 | Learn Cloud Pentesting (Roadmap) and earn in $100,000—$150,000 | ||
Details | Website | 2024-10-23 | 2 | Why DSPM is Essential for Achieving Data Privacy in 2024 | ||
Details | Website | 2024-10-22 | 0 | LLMjacking and Open-Source Tool Abuse Surge in 2024 Cloud Attacks | ||
Details | Website | 2024-10-22 | 0 | Sysdig 2024 global threat report | ||
Details | Website | 2024-10-22 | 0 | Sysdig 2024 global threat report | ||
Details | Website | 2024-10-18 | 27 | Iranian Cyber Actors’ Brute Force and Credential Access Attacks: CISA Alert AA24-290A | ||
Details | Website | 2024-10-18 | 8 | Elevate Your Threat Hunting with Elastic — Elastic Security Labs | ||
Details | Website | 2024-10-17 | 0 | Day 17 — How Secure is Your Data in the Cloud? | ||
Details | Website | 2024-10-17 | 1 | Pitfalls of Cloud Sprawl and How to Avoid Them | ||
Details | Website | 2024-10-16 | 7 | How to Build Custom Controls in Sysdig Secure | ||
Details | Website | 2024-10-16 | 108 | Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations | CISA | ||
Details | Website | 2024-10-16 | 7 | How to Build Custom Controls in Sysdig Secure | ||
Details | Website | 2024-10-10 | 27 | Russian SVR Exploiting Unpatched Vulnerabilities in Global Cyber Campaign | ||
Details | Website | 2024-10-09 | 0 | Cybersecurity Tip Day 3: Enable MFA and Multiple Positions to Your Routine | ||
Details | Website | 2024-10-09 | 11 | Container security best practices: Comprehensive guide | ||
Details | Website | 2024-10-08 | 0 | Cloudflare acquires Kivera to add simple, preventive cloud security to Cloudflare One | ||
Details | Website | 2024-10-07 | 141 | Mind the (air) gap: GoldenJackal gooses government guardrails | ||
Details | Website | 2024-10-03 | 2 | A Single Cloud Compromise Can Feed an Army of AI Sex Bots | ||
Details | Website | 2024-10-03 | 0 | Cybersecurity Spending on the Rise, But Security Leaders Still Feel Vu | ||
Details | Website | 2024-10-03 | 2 | A Single Cloud Compromise Can Feed an Army of AI Sex Bots – Krebs on Security | ||
Details | Website | 2024-10-02 | 57 | Separating the bee from the panda: CeranaKeeper making a beeline for Thailand | ||
Details | Website | 2024-09-27 | 0 | Revolutionary DDI Services for the Hybrid, Multi-Cloud Era |