Abuse and Nefarious Use of Cloud Services
In the Reports Portal, select > > > > .
Malicious users can exploit poorly secured cloud service deployments, free cloud service trials, and fraudulent account sign-ups, which expose cloud computing models such as Iaas, PaaS, and SaaS. You might experience denial of service attacks, email spam and phishing campaigns, and brute-force computing attacks, or malicious individuals spoofing identities.
Some charts display data reported by Amazon GuardDuty, which is a threat detection service that continuously watches for malicious activity and unauthorized behavior.
- DoS Originated from EC2 Instances
- Helps you identify denial of services activities that arise from EC2 (AWS Elastic Compute Cloud service) instances. The charts and table show events summarized by their Amazon resource name, severity, and GuardDuty.
- EC2 Instances Communicating with Cryptocurrency Entity
- Displays EC2 instances that communicates with cryptocurrency IP addresses or domains.
- EC2 Instances Querying Domains Involved in Phishing Attacks
- Lists the EC2 instances in which querying domains are involved in phishing attacks.
- EC2 Machines Involved in Suspicious Communication
- Lists the EC2 machines that are involved in suspicious communication.
- Email Spam Originated from EC2 Instances
- Identifies email spam that originates from EC2 instances.
- Nefarious Activity by an Unauthorized Individual from EC2
- Displays events that Amazon GuardDuty reports as nefarious activity by an unauthorized individual from EC2 machines. Amazon GuardDuty is a threat detection service that continuously watches for malicious activity and unauthorized behavior.
- Suspicious Activity Reported by Microsoft Azure
- Lists suspicious activity reported by Microsoft Azure.
- Trojans or Backdoors Installed on EC2 Instances
- Lists backdoors or trojans discovered on EC2 machines.