Suspicious activity

List S3 bucket API call was made from Tor IP address

Risk Level

Hazardous (3)

Platform(s)

Description

Orca detected that an API call to list S3 buckets was made from a Tor IP - {MaliciousIp.MaliciousIp}. This action may indicate of a presence of an unauthorized actor in the cloud environment, since listing S3 buckets is a common enumeration action attackers conduct in the reconnaissance phase.

  • Recommended Mitigation

    It is recommended to review relevant CloudTrail event and principal's activity that issued this API call.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.