T1530 Data from Cloud Storage Object Mappings

Adversaries may access data objects from improperly secured cloud storage.

Many cloud service providers offer solutions for online data storage such as Amazon S3, Azure Storage, and Google Cloud Storage. These solutions differ from other storage solutions (such as SQL or Elasticsearch) in that there is no overarching application. Data from these solutions can be retrieved directly using the cloud provider's APIs. Solution providers typically offer security guides to help end users configure systems.(Citation: Amazon S3 Security, 2019)(Citation: Microsoft Azure Storage Security, 2019)(Citation: Google Cloud Storage Best Practices, 2019)

Misconfiguration by end users is a common problem. There have been numerous incidents where cloud storage has been improperly secured (typically by unintentionally allowing public access by unauthenticated users or overly-broad access by all users), allowing open access to credit cards, personally identifiable information, medical records, and other sensitive information.(Citation: Trend Micro S3 Exposed PII, 2017)(Citation: Wired Magecart S3 Buckets, 2019)(Citation: HIPAA Journal S3 Breach, 2017) Adversaries may also obtain leaked credentials in source repositories, logs, or other means as a way to gain access to cloud storage objects that have access permission controls.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-16 Security and Privacy Attributes Protects T1530 Data from Cloud Storage Object
AC-17 Remote Access Protects T1530 Data from Cloud Storage Object
AC-18 Wireless Access Protects T1530 Data from Cloud Storage Object
AC-19 Access Control for Mobile Devices Protects T1530 Data from Cloud Storage Object
AC-2 Account Management Protects T1530 Data from Cloud Storage Object
AC-20 Use of External Systems Protects T1530 Data from Cloud Storage Object
AC-3 Access Enforcement Protects T1530 Data from Cloud Storage Object
AC-4 Information Flow Enforcement Protects T1530 Data from Cloud Storage Object
AC-5 Separation of Duties Protects T1530 Data from Cloud Storage Object
AC-6 Least Privilege Protects T1530 Data from Cloud Storage Object
AC-7 Unsuccessful Logon Attempts Protects T1530 Data from Cloud Storage Object
CA-7 Continuous Monitoring Protects T1530 Data from Cloud Storage Object
CA-8 Penetration Testing Protects T1530 Data from Cloud Storage Object
CM-2 Baseline Configuration Protects T1530 Data from Cloud Storage Object
CM-5 Access Restrictions for Change Protects T1530 Data from Cloud Storage Object
CM-6 Configuration Settings Protects T1530 Data from Cloud Storage Object
CM-7 Least Functionality Protects T1530 Data from Cloud Storage Object
CM-8 System Component Inventory Protects T1530 Data from Cloud Storage Object
IA-2 Identification and Authentication (organizational Users) Protects T1530 Data from Cloud Storage Object
IA-3 Device Identification and Authentication Protects T1530 Data from Cloud Storage Object
IA-4 Identifier Management Protects T1530 Data from Cloud Storage Object
IA-5 Authenticator Management Protects T1530 Data from Cloud Storage Object
IA-6 Authentication Feedback Protects T1530 Data from Cloud Storage Object
IA-8 Identification and Authentication (non-organizational Users) Protects T1530 Data from Cloud Storage Object
RA-5 Vulnerability Monitoring and Scanning Protects T1530 Data from Cloud Storage Object
SC-28 Protection of Information at Rest Protects T1530 Data from Cloud Storage Object
SC-4 Information in Shared System Resources Protects T1530 Data from Cloud Storage Object
SC-7 Boundary Protection Protects T1530 Data from Cloud Storage Object
SI-10 Information Input Validation Protects T1530 Data from Cloud Storage Object
SI-12 Information Management and Retention Protects T1530 Data from Cloud Storage Object
SI-15 Information Output Filtering Protects T1530 Data from Cloud Storage Object
SI-4 System Monitoring Protects T1530 Data from Cloud Storage Object
SI-7 Software, Firmware, and Information Integrity Protects T1530 Data from Cloud Storage Object
action.malware.variety.Capture stored data Capture data stored on system disk related-to T1530 Data from Cloud Storage Object
aws_rds AWS RDS technique_scores T1530 Data from Cloud Storage Object
aws_config AWS Config technique_scores T1530 Data from Cloud Storage Object
aws_s3 AWS S3 technique_scores T1530 Data from Cloud Storage Object
amazon_guardduty Amazon GuardDuty technique_scores T1530 Data from Cloud Storage Object
aws_iot_device_defender AWS IoT Device Defender technique_scores T1530 Data from Cloud Storage Object
aws_security_hub AWS Security Hub technique_scores T1530 Data from Cloud Storage Object
aws_network_firewall AWS Network Firewall technique_scores T1530 Data from Cloud Storage Object