Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
AWS enumeration is not a common technique because it can be easily detected. But publicly-available tools such as the AWS Command Line Interface (CLI) can make enumeration easy to perform. As a result, the attacker learns which services are accessible for additional attacks.
The system might change the risk score for this detection.
Kill Chain
Risk Score
33
Amazon Web Services (AWS) provides over 175 digital infrastructure services such as Amazon Simple Storage Service (S3), Amazon Elastic Compute Cloud (EC2), and AWS Lambda. The AWS CLI provides access to all AWS services through public API endpoints. Users must have an access key and secret access key to connect to services through the CLI; the key pair is equivalent to a user identity with an associated privilege level. If an attacker steals a key pair, they can attempt to connect to all AWS services, similar to a brute force technique. A successful connection identifies which of the 175 AWS services the attacker can access with the key pair.
Implement network segmentation and the principle of least privilege on accounts to minimize the damage caused by a compromised device
Implement the principle of least privilege when creating IAM user accounts
Monitor for anomalous AWS service usage
