Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | N/A (single event) |
| Deduplication Period | 5 Days |
| Required Data | |
| Detection Modules | Cloud |
| Detector Tags | |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Informational |
Description
A cloud project had unusual activity in a previously dormant region.
Attacker's Goals
Abuse services in unused geographic regions to evade detection.
Attackers can take advantage of unmonitored regions to avoid detection. Their activities may include attacks against internal cloud resources, lateral movement within the environment, cryptocurrency mining through resource hijacking, and more.
Investigative actions
- Check if the detected region is required.
- Delete any resource that was created in the unused region.
- Disable all unused regions.
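
The following is an added sketch of how a dormant-region check could work, not the product's own detection code. It assumes that "dormant" means no activity by the project in that region during the 30-day training period, that alerts are deduplicated per project and region for 5 days, and that regions confirmed as required in the first investigative step are passed in as `approved`; the event tuples and names are constructed for illustration.

```python
from datetime import datetime, timedelta

TRAINING = timedelta(days=30)  # Training Period in the synopsis
DEDUP = timedelta(days=5)      # Deduplication Period in the synopsis

# Constructed sample audit events: (timestamp, project, region)
EVENTS = [
    ("2024-03-01T09:00:00", "proj-a", "us-east1"),
    ("2024-03-20T09:00:00", "proj-a", "us-east1"),
    ("2024-04-05T02:14:00", "proj-a", "asia-south1"),  # first use of region
    ("2024-04-05T02:20:00", "proj-a", "asia-south1"),  # same burst
    ("2024-04-08T03:00:00", "proj-a", "asia-south1"),  # inside dedup window
    ("2024-04-12T03:00:00", "proj-a", "asia-south1"),  # dedup window expired
    ("2024-04-12T10:00:00", "proj-a", "us-east1"),     # baseline region
]

def dormant_region_alerts(events, approved=frozenset()):
    """Return [(timestamp, project, region)] for activity in regions the
    project did not use during the preceding training window.

    approved: (project, region) pairs an analyst confirmed as required
    (an assumed input, mirroring the first investigative action).
    """
    baseline = {}     # (project, region) -> last activity that raised no alert
    first_event = {}  # project -> first event seen, start of its training
    last_alert = {}   # (project, region) -> time of the last alert
    alerts = []
    for ts, project, region in sorted(events):
        now = datetime.fromisoformat(ts)
        key = (project, region)
        start = first_event.setdefault(project, now)
        seen = baseline.get(key)
        in_baseline = seen is not None and now - seen <= TRAINING
        # Learn the region while training, or if it is approved or still in use.
        if now - start < TRAINING or key in approved or in_baseline:
            baseline[key] = now
            continue
        # Flagged activity is not learned, so persistence cannot become "normal".
        if key in last_alert and now - last_alert[key] < DEDUP:
            continue  # repeat inside the deduplication window
        last_alert[key] = now
        alerts.append((ts, project, region))
    return alerts
```

On the sample events this raises one alert for the first `asia-south1` activity and a second one a week later, after the deduplication window has expired and the region is still neither approved nor disabled.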