O Security Command Center realiza a monitorização de tempo de execução e do plano de controlo dos recursos do Cloud Run. Para ver respostas recomendadas a estas ameaças, consulte o artigo Responda a resultados de ameaças do Cloud Run.
Tipos de descobertas de tempo de execução
As seguintes deteções de tempo de execução estão disponíveis com a Deteção de ameaças do Cloud Run:
-
Command and Control: Find Google Cloud Credentials -
Command and Control: Steganography Tool Detected -
Credential Access: GPG Key Reconnaissance -
Credential Access: Search Private Keys or Passwords -
Defense Evasion: Base64 ELF File Command Line -
Defense Evasion: Base64 Encoded Python Script Executed -
Defense Evasion: Base64 Encoded Shell Script Executed -
Defense Evasion: Launch Code Compiler Tool In Container -
Execution: Added Malicious Binary Executed -
Execution: Added Malicious Library Loaded -
Execution: Built in Malicious Binary Executed -
Execution: Container Escape -
Execution: Fileless Execution in /memfd: -
Execution: Kubernetes Attack Tool Execution -
Execution: Local Reconnaissance Tool Execution -
Execution: Malicious Python executed -
Execution: Modified Malicious Binary Executed -
Execution: Modified Malicious Library Loaded -
Execution: Netcat Remote Code Execution in Container -
Execution: Possible Arbitrary Command Execution through CUPS (CVE-2024-47177) -
Execution: Possible Remote Command Execution Detected -
Execution: Program Run with Disallowed HTTP Proxy Env -
Execution: Socat Reverse Shell Detected -
Execution: Suspicious OpenSSL Shared Object Loaded -
Exfiltration: Launch Remote File Copy Tools in Container -
Impact: Detect Malicious Cmdlines -
Impact: Remove Bulk Data From Disk -
Impact: Suspicious crypto mining activity using the Stratum Protocol -
Malicious Script Executed -
Malicious URL Observed -
Privilege Escalation: Abuse of Sudo For Privilege Escalation (CVE-2019-14287) -
Privilege Escalation: Fileless Execution in /dev/shm -
Privilege Escalation: Polkit Local Privilege Escalation Vulnerability (CVE-2021-4034) -
Privilege Escalation: Sudo Potential Privilege Escalation (CVE-2021-3156) -
Reverse Shell -
Unexpected Child Shell
Tipos de descobertas do plano de controlo
As seguintes deteções do plano de controlo estão disponíveis com a Deteção de ameaças de eventos:
-
Execution: Cryptomining Docker Image -
Impact: Cryptomining Commands -
Privilege Escalation: Default Compute Engine Service Account SetIAMPolicy
O que se segue?
- Saiba mais sobre a deteção de ameaças do Cloud Run.
- Saiba mais sobre a Deteção de ameaças de eventos.
- Saiba como responder a resultados de ameaças do Cloud Run.
- Consulte o índice de resultados de ameaças.