Suspicious activity

Anomaly detection: Permissive role increased access denied responses by reconnaissance activity

Risk Level

Hazardous (3)

Platform(s)

Description

Unlike in the past, the role started executing API calls for listing and describing assets in the cloud account. Due to the execution of the API calls, a large portion was resulted in access denied. The role was identified by Orca as a permissive role, which in case of compromise can put the cloud account at a higher risk. Therefor those findings might indicate on a malicious usage of the role permissions.

  • Recommended Mitigation

    It is recommended to review relevant CloudTrail events and principals that issued this API calls.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.