Account Manipulation: Additional Cloud Roles (AWS)

Description

An adversary may add additional roles or permissions to an adversary-controlled cloud account to maintain persistent access to a tenant. For example, they may update IAM policies in cloud-based environments or add a new global administrator in Office 365 environments. With sufficient permissions, a compromised account can gain almost unlimited access to data and settings (including the ability to reset the passwords of other admins).
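One way to watch for the IAM policy changes described above is to review CloudTrail for successful permission-granting IAM calls. The following is an added example, not Tenable code; it assumes CloudTrail records are already loaded as Python dicts, and the sample events, principal names and account ID are constructed placeholders.

```python
import json

# CloudTrail eventNames for IAM calls that grant permissions to a principal.
GRANT_EVENTS = {"AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy",
                "PutUserPolicy", "PutRolePolicy", "PutGroupPolicy",
                "AddUserToGroup", "CreatePolicyVersion"}

def as_list(v):
    return v if isinstance(v, list) else [v]

def is_admin_equivalent(doc):
    """True if an Allow statement grants Action '*' or 'iam:*' on Resource '*'."""
    for stmt in as_list(doc.get("Statement", [])):
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        if (stmt.get("Effect") == "Allow" and "*" in as_list(stmt.get("Resource", []))
                and any(a in ("*", "iam:*") for a in actions)):
            return True
    return False

def find_permission_grants(events):
    findings = []
    for ev in events:
        if (ev.get("eventSource") != "iam.amazonaws.com" or ev.get("eventName") not in GRANT_EVENTS
                or ev.get("errorCode")):  # skip non-IAM, non-grant, and denied/failed calls
            continue
        p = ev.get("requestParameters") or {}
        high = p.get("policyArn", "").endswith(":policy/AdministratorAccess")
        doc = p.get("policyDocument")
        if doc:  # inline policy or new managed-policy version
            high = high or is_admin_equivalent(json.loads(doc) if isinstance(doc, str) else doc)
        findings.append({"actor": ev.get("userIdentity", {}).get("arn"), "event": ev["eventName"],
                         "target": p.get("userName") or p.get("roleName") or p.get("groupName") or p.get("policyArn"),
                         "severity": "high" if high else "review"})
    return findings

# Constructed sample events (simplified CloudTrail records; account ID is a placeholder).
ACTOR = {"arn": "arn:aws:iam::111122223333:user/example-user"}
SAMPLE_EVENTS = [
    {"eventSource": "iam.amazonaws.com", "eventName": "AttachUserPolicy", "userIdentity": ACTOR,
     "requestParameters": {"userName": "example-user", "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventSource": "iam.amazonaws.com", "eventName": "PutRolePolicy", "userIdentity": ACTOR, "requestParameters": {
        "roleName": "example-role", "policyDocument": '{"Statement": {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"}}'}},
    {"eventSource": "iam.amazonaws.com", "eventName": "AttachRolePolicy", "userIdentity": ACTOR, "errorCode": "AccessDenied",
     "requestParameters": {"roleName": "example-role", "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject", "userIdentity": ACTOR, "requestParameters": {}},
]

if __name__ == "__main__":
    print(find_permission_grants(SAMPLE_EVENTS))
```

Findings marked "review" are grants that are not admin-equivalent by this simple test and still need a human look at who granted what to whom.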

Products, Sensors, and Dependencies

| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable.cs | | Cloud | Read-only | HTTPS | List of IAM Policy | |

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Collection

Sub-Technique: Additional Cloud Roles

Platform: AWS

Products Required: Tenable.cs

Tenable Release Date: 2022 Q4