Security Command Center performs runtime and control plane monitoring of Cloud Run resources. For recommended responses to these threats, see Respond to Cloud Run threat findings.
Runtime finding types
The following runtime detections are available with Cloud Run Threat Detection:
- Command and Control: Find Google Cloud Credentials
- Command and Control: Steganography Tool Detected
- Credential Access: GPG Key Reconnaissance
- Credential Access: Search Private Keys or Passwords
- Defense Evasion: Base64 ELF File Command Line
- Defense Evasion: Base64 Encoded Python Script Executed
- Defense Evasion: Base64 Encoded Shell Script Executed
- Defense Evasion: Launch Code Compiler Tool In Container
- Execution: Added Malicious Binary Executed
- Execution: Added Malicious Library Loaded
- Execution: Built in Malicious Binary Executed
- Execution: Container Escape
- Execution: Fileless Execution in /memfd:
- Execution: Kubernetes Attack Tool Execution
- Execution: Local Reconnaissance Tool Execution
- Execution: Malicious Python executed
- Execution: Modified Malicious Binary Executed
- Execution: Modified Malicious Library Loaded
- Execution: Netcat Remote Code Execution in Container
- Execution: Possible Arbitrary Command Execution through CUPS (CVE-2024-47177)
- Execution: Possible Remote Command Execution Detected
- Execution: Program Run with Disallowed HTTP Proxy Env
- Execution: Socat Reverse Shell Detected
- Execution: Suspicious OpenSSL Shared Object Loaded
- Exfiltration: Launch Remote File Copy Tools in Container
- Impact: Detect Malicious Cmdlines
- Impact: Remove Bulk Data From Disk
- Impact: Suspicious crypto mining activity using the Stratum Protocol
- Malicious Script Executed
- Malicious URL Observed
- Privilege Escalation: Abuse of Sudo For Privilege Escalation (CVE-2019-14287)
- Privilege Escalation: Fileless Execution in /dev/shm
- Privilege Escalation: Polkit Local Privilege Escalation Vulnerability (CVE-2021-4034)
- Privilege Escalation: Sudo Potential Privilege Escalation (CVE-2021-3156)
- Reverse Shell
- Unexpected Child Shell
Control plane finding types
The following control plane detections are available through Event Threat Detection:
- Execution: Cryptomining Docker Image
- Impact: Cryptomining Commands
- Privilege Escalation: Default Compute Engine Service Account SetIAMPolicy
What's next
- Learn more about Cloud Run Threat Detection.
- Learn about Event Threat Detection.
- Learn how to respond to Cloud Run threat findings.
- Refer to the Threat findings index.