Suspicious activity

Anomaly detection: Permissive role increased access denied responses by reconnaissance activity

Platform(s)

Description

Unlike in the past, the role started executing API calls for listing and describing assets in the cloud account. Due to the execution of the API calls, a large portion was resulted in access denied. The role was identified by Orca as a permissive role, which in case of compromise can put the cloud account at a higher risk. Therefor those findings might indicate on a malicious usage of the role permissions.