Common Information
Type | Value |
---|---|
Value | Cloud Accounts - T1078.004 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Valid accounts in cloud environments may allow adversaries to perform actions to achieve Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Cloud accounts are those created and configured by an organization for use by users, remote support, services, or for administration of resources within a cloud service provider or SaaS application. Cloud Accounts can exist solely in the cloud; alternatively, they may be hybrid-joined between on-premises systems and the cloud through syncing or federation with other identity sources such as Windows Active Directory. (Citation: AWS Identity Federation)(Citation: Google Federating GC)(Citation: Microsoft Deploying AD Federation) Service or user accounts may be targeted by adversaries through [Brute Force](https://attack.mitre.org/techniques/T1110), [Phishing](https://attack.mitre.org/techniques/T1566), or various other means to gain access to the environment. Federated or synced accounts may be a pathway for the adversary to affect both on-premises systems and cloud environments - for example, by leveraging shared credentials to log onto [Remote Services](https://attack.mitre.org/techniques/T1021). High privileged cloud accounts, whether federated, synced, or cloud-only, may also allow pivoting to on-premises environments by leveraging SaaS-based [Software Deployment Tools](https://attack.mitre.org/techniques/T1072) to run commands on hybrid-joined devices. An adversary may create long lasting [Additional Cloud Credentials](https://attack.mitre.org/techniques/T1098/001) on a compromised cloud account to maintain persistence in the environment. Such credentials may also be used to bypass security controls such as multi-factor authentication. Cloud accounts may also be able to assume [Temporary Elevated Cloud Access](https://attack.mitre.org/techniques/T1548/005) or other privileges through various means within the environment. Misconfigurations in role assignments or role assumption policies may allow an adversary to use these mechanisms to leverage permissions outside the intended scope of the account. Such over privileged accounts may be used to harvest sensitive data from online storage accounts and databases through [Cloud API](https://attack.mitre.org/techniques/T1059/009) or other methods. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-09-27 | 0 | Top 6 Cloud Security Threats to Watch Out For | ||
Details | Website | 2024-09-24 | 2 | Microsoft Pushes Governance, Sheds Unused Apps in Security Push | ||
Details | Website | 2024-09-24 | 3 | SaaS Data Breaches on the Rise | ||
Details | Website | 2024-09-23 | 0 | Relationship broken up? Here’s how to separate your online accounts | ||
Details | Website | 2024-09-23 | 0 | Relationship broken up? Here's how to separate your online accounts | Malwarebytes | ||
Details | Website | 2024-09-23 | 17 | Mastering Cloud-Specific IOCs for Enhanced Threat Detection | Wiz Blog | ||
Details | Website | 2024-09-19 | 0 | Trending cyberthreats and techniques from the first half of 2024 | Red Canary | ||
Details | Website | 2024-09-19 | 5 | Secure your Elastic Cloud account with multifactor authentication (MFA) | ||
Details | Website | 2024-09-18 | 12 | The Growing Dangers of LLMjacking: Evolving Tactics and Evading Sanctions | ||
Details | Website | 2024-09-18 | 0 | How to Track Performance Gains with Passkeys | ||
Details | Website | 2024-09-17 | 2 | Avoiding The "No Responsibility" Cloud Security Model | ||
Details | Website | 2024-09-11 | 1 | Large-Scale Data Exfiltration: Exploiting Secrets in .env Files to Compromise Cloud Accounts | ||
Details | Website | 2024-09-10 | 0 | Building Secure IoT Networks — From Edge to Cloud | ||
Details | Website | 2024-09-10 | 1 | Proofpoint Sets New Standard for Human-Centric Security with Powerful AI-driven Intelligence, Insights and Integrations | Proofpoint US | ||
Details | Website | 2024-09-06 | 0 | Can I recover a deleted PSS (Password Saver)? | ||
Details | Website | 2024-09-05 | 2 | SaaS Security Lessons Learned the Hard Way | Grip | ||
Details | Website | 2024-09-05 | 3 | Cryptominers in the Cloud | ||
Details | Website | 2024-08-31 | 0 | How can I recover a deleted KeePass Password Database (KDB)? | ||
Details | Website | 2024-08-28 | 14 | The Markitto35 Saga: A Deep Dive into the World of a Digital Data Thief - CloudSEK News | ||
Details | Website | 2024-08-23 | 1 | Focus on What Matters Most: Exposure Management and Your Attack Surface | ||
Details | Website | 2024-08-15 | 62 | Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments | ||
Details | Website | 2024-08-07 | 41 | Cloud Cover: How Malicious Actors Are Leveraging Cloud Services | ||
Details | Website | 2024-08-06 | 0 | Cloud Vendor Integrations Gone Wrong | ||
Details | Website | 2024-07-12 | 0 | How Field Effect MDR simplifies compliance: HIPAA |