Suspicious activity

Create public access security rule from malicious IP address

Risk Level

Imminent Compromise (2)

Platform(s)

Description

Orca detected a create or modify security group rule operation from a malicious IP address. The operation was called from a malicious IP address, {MaliciousIp.MaliciousIp}, which may indicate an exfiltration or persistence attempt. An attacker with permissions to create or modify security groups can expose sensitive assets to the internet in order to maintain access or leak information.
Recommended Mitigation

It is recommended to review the permissions that were used to make this API call and verify whether the change to the security group is necessary.
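The detection described above, as an added example that is not Orca's own logic: it walks through audit records shaped like AWS CloudTrail events (the platform is an assumption, as the page does not name one), flags security-group rule changes whose caller address is on a threat list, and additionally reports whether the added rule exposes the group to the whole internet (a /0 CIDR). The threat list, event IDs, group IDs and addresses are constructed sample values.

```python
"""Flag security-group rule changes made from known-malicious IPs.

Added example: assumes CloudTrail-shaped records and a constructed threat
list. It is not Orca's detection logic.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable

# Constructed threat list for the example (sample values, not a real feed).
MALICIOUS_IPS = frozenset({"198.51.100.23", "203.0.113.77"})

# EC2 API calls that create or modify security-group rules.
SG_RULE_EVENTS = frozenset({
    "AuthorizeSecurityGroupIngress",
    "AuthorizeSecurityGroupEgress",
    "ModifySecurityGroupRules",
})


@dataclass(frozen=True)
class Finding:
    event_id: str
    event_name: str
    source_ip: str
    group_id: str
    public_exposure: bool  # True when any added rule is open to the internet


def _items(node):
    """CloudTrail nests lists as {"items": [...]}; tolerate a bare list too."""
    if isinstance(node, dict):
        return node.get("items", [])
    return node or []


def _cidrs(event: dict) -> list:
    """Collect every IPv4/IPv6 CIDR referenced by the rule change."""
    params = event.get("requestParameters") or {}
    cidrs = []
    for perm in _items(params.get("ipPermissions")):
        for r in _items(perm.get("ipRanges")):
            cidrs.append(r.get("cidrIp"))
        for r in _items(perm.get("ipv6Ranges")):
            cidrs.append(r.get("cidrIpv6"))
    return [c for c in cidrs if c]


def is_public(cidr: str) -> bool:
    """A /0 prefix (0.0.0.0/0 or ::/0) exposes the asset to the internet."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def detect(events: Iterable[dict], malicious_ips=MALICIOUS_IPS) -> list:
    """Return one Finding per rule change issued from a listed address."""
    findings = []
    for ev in events:
        if ev.get("eventName") not in SG_RULE_EVENTS:
            continue  # read-only or unrelated calls are out of scope
        src = ev.get("sourceIPAddress", "")
        if src not in malicious_ips:
            continue
        group_id = (ev.get("requestParameters") or {}).get("groupId", "?")
        findings.append(Finding(
            event_id=ev.get("eventID", "?"),
            event_name=ev["eventName"],
            source_ip=src,
            group_id=group_id,
            public_exposure=any(is_public(c) for c in _cidrs(ev)),
        ))
    return findings


# Constructed sample records (shape follows CloudTrail; values are made up).
SAMPLE_EVENTS = [
    {  # rule change from a listed IP that opens SSH to the internet
        "eventID": "evt-1", "eventName": "AuthorizeSecurityGroupIngress",
        "sourceIPAddress": "198.51.100.23",
        "requestParameters": {
            "groupId": "sg-0a1b2c3d",
            "ipPermissions": {"items": [{
                "ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {  # same call from an unlisted address: not this alert
        "eventID": "evt-2", "eventName": "AuthorizeSecurityGroupIngress",
        "sourceIPAddress": "192.0.2.10",
        "requestParameters": {
            "groupId": "sg-0a1b2c3d",
            "ipPermissions": {"items": [{
                "ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
                "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {  # egress rule from a listed IP to a single host: flagged, not public
        "eventID": "evt-3", "eventName": "AuthorizeSecurityGroupEgress",
        "sourceIPAddress": "203.0.113.77",
        "requestParameters": {
            "groupId": "sg-0f9e8d7c",
            "ipPermissions": {"items": [{
                "ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
                "ipRanges": {"items": [{"cidrIp": "203.0.113.77/32"}]}}]}}},
    {  # read-only call from a listed IP: outside this alert's scope
        "eventID": "evt-4", "eventName": "DescribeSecurityGroups",
        "sourceIPAddress": "198.51.100.23", "requestParameters": {}},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

The `public_exposure` flag is what turns a suspicious API call into the "public access" case the alert title describes; a rule change from a listed address that only reaches a single host is still worth reviewing, but the /0 case is the one that warrants the higher risk level and an immediate check of whether the rule is needed.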