Data Destruction: Lifecycle-Triggered Deletion
Other sub-techniques of Data Destruction (1)
ID | Name |
---|---|
.001 | Lifecycle-Triggered Deletion |
Adversaries may modify the lifecycle policies of a cloud storage bucket to destroy all objects stored within. Cloud storage buckets often allow users to set lifecycle policies to automate the migration, archival, or deletion of objects after a set period of time.(Citation: AWS Storage Lifecycles)(Citation: GCP Storage Lifecycles)(Citation: Azure Storage Lifecycles) If a threat actor has sufficient permissions to modify these policies, they may be able to delete all objects at once. For example, in AWS environments, an adversary with the `PutLifecycleConfiguration` permission may use the `PutBucketLifecycle` API call to apply a lifecycle policy to an S3 bucket that deletes all objects in the bucket after one day.(Citation: Palo Alto Cloud Ransomware) In addition to destroying data for purposes of extortion and Financial Theft, adversaries may also perform this action on buckets storing cloud logs for Indicator Removal.(Citation: Datadog S3 Lifecycle CloudTrail Logs)
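A defender can audit for the policy shape described above. The following is an added example, not part of the original page: it assumes the lifecycle configuration is a dict in the form boto3's `get_bucket_lifecycle_configuration` returns, and the function names, the 7-day threshold and the sample configurations are constructed for illustration. It goes slightly beyond the one-day case in the text by also checking date-based expiration and noncurrent-version expiration.

```python
from datetime import datetime, timedelta, timezone

def is_bucket_wide(rule):
    """True when the rule's scope covers every object in the bucket."""
    flt = rule.get("Filter")
    if flt is None:
        # Legacy rules carry the prefix at the top level instead of a Filter.
        return rule.get("Prefix", "") == ""
    # An empty Filter or an empty-string Prefix matches all keys; tag, size
    # and "And" filters narrow the scope, so they are not treated as bucket-wide.
    return flt == {} or flt == {"Prefix": ""}

def risky_rules(config, max_days=7, now=None):
    """Return (rule_id, reason) for enabled bucket-wide rules that expire
    current or noncurrent object versions within max_days."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for rule in config.get("Rules", []):
        if rule.get("Status") != "Enabled" or not is_bucket_wide(rule):
            continue
        rule_id = rule.get("ID", "<no id>")
        exp = rule.get("Expiration", {})
        if "Days" in exp and exp["Days"] <= max_days:
            findings.append((rule_id, f"all objects expire after {exp['Days']} day(s)"))
        # Assumption: Date is a timezone-aware datetime, as boto3 returns it.
        if "Date" in exp and exp["Date"] <= now + timedelta(days=max_days):
            findings.append((rule_id, f"all objects expire on {exp['Date']:%Y-%m-%d}"))
        nce = rule.get("NoncurrentVersionExpiration", {})
        if "NoncurrentDays" in nce and nce["NoncurrentDays"] <= max_days:
            findings.append((rule_id, f"noncurrent versions expire after {nce['NoncurrentDays']} day(s)"))
    return findings

# Constructed sample configurations (not taken from any real bucket).
SAMPLE_DESTRUCTIVE = {"Rules": [{
    "ID": "cleanup", "Status": "Enabled", "Filter": {"Prefix": ""},
    "Expiration": {"Days": 1},
    "NoncurrentVersionExpiration": {"NoncurrentDays": 1},
}]}
SAMPLE_BENIGN = {"Rules": [
    {"ID": "tmp-only", "Status": "Enabled", "Filter": {"Prefix": "tmp/"},
     "Expiration": {"Days": 1}},
    {"ID": "retention", "Status": "Enabled", "Filter": {},
     "Expiration": {"Days": 365}},
    {"ID": "parked", "Status": "Disabled", "Filter": {},
     "Expiration": {"Days": 1}},
]}

if __name__ == "__main__":
    for name, cfg in (("destructive", SAMPLE_DESTRUCTIVE), ("benign", SAMPLE_BENIGN)):
        print(name, risky_rules(cfg))
```

Prefix-scoped, long-retention and disabled rules are deliberately not flagged, so a finding points at a rule that would empty the whole bucket within the threshold.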
Mitigations
Mitigation | Description |
---|---|
User Account Management | Manage the creation, modification, use, and permissions associated to user accounts. |
Data Backup | Take and store data backups from end user systems and critical servers. Ensure backup and storage systems are hardened and kept separate from the corporate network to prevent compromise. |
References
- Stratus Red Team. (n.d.). CloudTrail Logs Impairment Through S3 Lifecycle Rule. Retrieved September 25, 2024.
- Ofir Balassiano and Ofir Shaty. (2023, November 29). Ransomware in the Cloud: Breaking Down the Attack Vectors. Retrieved September 25, 2024.
- Microsoft Azure. (2024, July 3). Configure a lifecycle management policy. Retrieved September 25, 2024.
- Google Cloud. (n.d.). Object Lifecycle Management. Retrieved September 25, 2024.
- AWS. (n.d.). Managing the lifecycle of objects. Retrieved September 25, 2024.
- Ready.gov. (n.d.). IT Disaster Recovery Plan. Retrieved March 15, 2019.