T1530 Data from Cloud Storage Object Mappings

Adversaries may access data objects from improperly secured cloud storage.

Many cloud service providers offer solutions for online data storage such as Amazon S3, Azure Storage, and Google Cloud Storage. These solutions differ from other storage solutions (such as SQL or Elasticsearch) in that there is no overarching application. Data from these solutions can be retrieved directly using the cloud provider's APIs. Solution providers typically offer security guides to help end users configure systems.(Citation: Amazon S3 Security, 2019)(Citation: Microsoft Azure Storage Security, 2019)(Citation: Google Cloud Storage Best Practices, 2019)

Misconfiguration by end users is a common problem. There have been numerous incidents where cloud storage has been improperly secured (typically by unintentionally allowing public access by unauthenticated users or overly-broad access by all users), allowing open access to credit cards, personally identifiable information, medical records, and other sensitive information.(Citation: Trend Micro S3 Exposed PII, 2017)(Citation: Wired Magecart S3 Buckets, 2019)(Citation: HIPAA Journal S3 Breach, 2017) Adversaries may also obtain leaked credentials from source repositories, logs, or by other means, and use them to gain access to cloud storage objects that are protected by access permission controls.


Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
| --- | --- | --- | --- | --- |
| beyondcorp_enterprise | BeyondCorp Enterprise | technique_scores | T1530 | Data from Cloud Storage Object |
| chronicle | Chronicle | technique_scores | T1530 | Data from Cloud Storage Object |
| access_transparency | Access Transparency | technique_scores | T1530 | Data from Cloud Storage Object |
| firewalls | Firewalls | technique_scores | T1530 | Data from Cloud Storage Object |
| security_command_center | Security Command Center | technique_scores | T1530 | Data from Cloud Storage Object |
| cloud_storage | Cloud Storage | technique_scores | T1530 | Data from Cloud Storage Object |
| cloud_data_loss_prevention | Cloud Data Loss Prevention | technique_scores | T1530 | Data from Cloud Storage Object |
| advancedprotectionprogram | AdvancedProtectionProgram | technique_scores | T1530 | Data from Cloud Storage Object |
| policy_intelligence | Policy Intelligence | technique_scores | T1530 | Data from Cloud Storage Object |
| policy_intelligence | Policy Intelligence | technique_scores | T1530 | Data from Cloud Storage Object |
| vpc_service_controls | VPC Service Controls | technique_scores | T1530 | Data from Cloud Storage Object |