Risultati delle minacce Cloud Run

Security Command Center esegue il monitoraggio runtime e del control plane delle risorse Cloud Run. Per le risposte consigliate a queste minacce, vedi Rispondere ai risultati delle minacce di Cloud Run.

Tipi di risultati di runtime

Le seguenti rilevazioni di runtime sono disponibili con Cloud Run Threat Detection:

• Command and Control: Find Google Cloud Credentials
• Command and Control: Steganography Tool Detected
• Credential Access: GPG Key Reconnaissance
• Credential Access: Search Private Keys or Passwords
• Defense Evasion: Base64 ELF File Command Line
• Defense Evasion: Base64 Encoded Python Script Executed
• Defense Evasion: Base64 Encoded Shell Script Executed
• Defense Evasion: Launch Code Compiler Tool In Container
• Execution: Added Malicious Binary Executed
• Execution: Added Malicious Library Loaded
• Execution: Built in Malicious Binary Executed
• Execution: Container Escape
• Execution: Fileless Execution in /memfd:
• Execution: Kubernetes Attack Tool Execution
• Execution: Local Reconnaissance Tool Execution
• Execution: Malicious Python executed
• Execution: Modified Malicious Binary Executed
• Execution: Modified Malicious Library Loaded
• Execution: Netcat Remote Code Execution in Container
• Execution: Possible Arbitrary Command Execution through CUPS (CVE-2024-47177)
• Execution: Possible Remote Command Execution Detected
• Execution: Program Run with Disallowed HTTP Proxy Env
• Execution: Socat Reverse Shell Detected
• Execution: Suspicious OpenSSL Shared Object Loaded
• Exfiltration: Launch Remote File Copy Tools in Container
• Impact: Detect Malicious Cmdlines
• Impact: Remove Bulk Data From Disk
• Impact: Suspicious crypto mining activity using the Stratum Protocol
• Malicious Script Executed
• Malicious URL Observed
• Privilege Escalation: Abuse of Sudo For Privilege Escalation (CVE-2019-14287)
• Privilege Escalation: Fileless Execution in /dev/shm
• Privilege Escalation: Polkit Local Privilege Escalation Vulnerability (CVE-2021-4034)
• Privilege Escalation: Sudo Potential Privilege Escalation (CVE-2021-3156)
• Reverse Shell
• Unexpected Child Shell

Tipi di risultati del control plane

Con Event Threat Detection sono disponibili i seguenti rilevamenti del control plane:

• Execution: Cryptomining Docker Image
• Impact: Cryptomining Commands
• Privilege Escalation: Default Compute Engine Service Account SetIAMPolicy

Passaggi successivi

• Scopri di più su Cloud Run Threat Detection.
• Scopri di più su Event Threat Detection.
• Scopri come rispondere ai risultati delle minacce di Cloud Run.
• Consulta l'indice dei risultati delle minacce.