Descobertas de ameaças do Cloud Run

O Security Command Center realiza o monitoramento de tempo de execução e plano de controle dos recursos do Cloud Run. Para conferir respostas recomendadas a essas ameaças, consulte Responder a descobertas de ameaças do Cloud Run.

Tipos de descobertas de ambiente de execução

As seguintes detecções de tempo de execução estão disponíveis com a detecção de ameaças do Cloud Run:

• Command and Control: Find Google Cloud Credentials
• Command and Control: Steganography Tool Detected
• Credential Access: GPG Key Reconnaissance
• Credential Access: Search Private Keys or Passwords
• Defense Evasion: Base64 ELF File Command Line
• Defense Evasion: Base64 Encoded Python Script Executed
• Defense Evasion: Base64 Encoded Shell Script Executed
• Defense Evasion: Launch Code Compiler Tool In Container
• Execution: Added Malicious Binary Executed
• Execution: Added Malicious Library Loaded
• Execution: Built in Malicious Binary Executed
• Execution: Container Escape
• Execution: Fileless Execution in /memfd:
• Execution: Kubernetes Attack Tool Execution
• Execution: Local Reconnaissance Tool Execution
• Execution: Malicious Python executed
• Execution: Modified Malicious Binary Executed
• Execution: Modified Malicious Library Loaded
• Execution: Netcat Remote Code Execution in Container
• Execution: Possible Arbitrary Command Execution through CUPS (CVE-2024-47177)
• Execution: Possible Remote Command Execution Detected
• Execution: Program Run with Disallowed HTTP Proxy Env
• Execution: Socat Reverse Shell Detected
• Execution: Suspicious OpenSSL Shared Object Loaded
• Exfiltration: Launch Remote File Copy Tools in Container
• Impact: Detect Malicious Cmdlines
• Impact: Remove Bulk Data From Disk
• Impact: Suspicious crypto mining activity using the Stratum Protocol
• Malicious Script Executed
• Malicious URL Observed
• Privilege Escalation: Abuse of Sudo For Privilege Escalation (CVE-2019-14287)
• Privilege Escalation: Fileless Execution in /dev/shm
• Privilege Escalation: Polkit Local Privilege Escalation Vulnerability (CVE-2021-4034)
• Privilege Escalation: Sudo Potential Privilege Escalation (CVE-2021-3156)
• Reverse Shell
• Unexpected Child Shell

Tipos de descobertas do plano de controle

As seguintes detecções do plano de controle estão disponíveis com a Detecção de ameaça a eventos:

• Execution: Cryptomining Docker Image
• Impact: Cryptomining Commands
• Privilege Escalation: Default Compute Engine Service Account SetIAMPolicy

A seguir

• Saiba mais sobre a detecção de ameaças do Cloud Run.
• Saiba mais sobre a Detecção de ameaças a eventos.
• Saiba como responder a descobertas de ameaças do Cloud Run.
• Consulte Índice de descobertas de ameaças.