Attack Path Categories
The following list details the categories of attack paths that Panoptica identifies. See Attack Path Analysis for more information about attack paths.
- Administrator access compromise - includes any risk to an identity with admin access (the AdministratorAccess managed policy, or any policy that allows actions: "*" on resource: "*").
- Cross-account - an attacker with access to another account can use that access to compromise resources in yours.
  Unlike other categories, an attack path can be in the cross-account category AND another category, meaning that some attack paths will have two categories. The display name in this case will be: “{regular category name} from another account”.
  For example, an attack path with both categories appears when you filter for the “Data exposure” category and also when you filter for the “Cross-account” category.
- Data exposure - includes any risk to high permissions (other than admin) on storage resources.
- Insecure configuration – a setup or deployment that is not properly hardened or secured, potentially exposing the system to vulnerabilities and risks.
- Lateral movement – the techniques and activities that attackers use to move from one compromised system or network segment to another within your environment.
- Malware infected – indicates that malicious software has infiltrated your resources.
- Neglected resource - an attacker with access to a group can expose and exfiltrate protected data in the account by using the attached risky data permissions.
- Privilege escalation - includes any risk to high permissions (other than admin) on other resources (not storage).
- Secrets exposure – the unintended disclosure of sensitive information, such as API keys, passwords, tokens, private encryption keys, or other credentials that are used to authenticate and authorize access to various cloud services and resources.
- Subdomain takeover - an attacker can take over a subdomain. If an attacker takes over the subdomain, they can potentially read cookies, perform cross-site scripting, serve malicious content, and more.
- Supply chain compromise – when attackers target vulnerabilities in your supply chain, such as third-party vendors, service providers, or software dependencies. By breaching a trusted supplier, attackers can gain indirect access to your organization's internal systems and data.
- Vulnerable public workload - an attacker with network access to an unencrypted resource can gain full access to the resource and its permissions.
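The “Administrator access compromise” category above is defined by a concrete policy shape: an Allow statement with actions "*" on resource "*", which is what the AWS-managed AdministratorAccess policy grants. The following Python is an added example, not Panoptica's own code, showing how that condition can be checked against an identity's attached and inline policies; it also flags Allow statements that use NotAction on resource "*", since those grant everything except the listed actions and are easy to miss with a plain wildcard check. The policy documents and function names are constructed for illustration.

```python
"""Flag IAM policy documents that grant admin or near-admin access.

Added example, not Panoptica's code. The sample policy documents are
constructed for illustration; only ADMIN_POLICY_ARN is a real AWS value.
"""
import json

# ARN of the AWS-managed policy that grants full admin access (real value).
ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"


def _as_list(value):
    """IAM accepts either a single string or a list for Action/Resource/Statement."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def classify_statement(stmt):
    """Return "admin", "near-admin", or None for one policy statement."""
    if stmt.get("Effect") != "Allow":
        return None
    if "*" not in _as_list(stmt.get("Resource")):
        return None
    if "*" in _as_list(stmt.get("Action")):
        return "admin"  # actions "*" on resource "*": the AdministratorAccess shape
    # An Allow with NotAction grants every action except the listed ones;
    # on resource "*" that is close enough to admin to deserve review.
    if "NotAction" in stmt:
        return "near-admin"
    return None


def policy_findings(policy_json):
    """Parse a policy document (JSON string); return (Sid, classification) pairs."""
    doc = json.loads(policy_json)
    findings = []
    for stmt in _as_list(doc.get("Statement")):
        label = classify_statement(stmt)
        if label:
            findings.append((stmt.get("Sid", "<no Sid>"), label))
    return findings


def identity_is_admin(attached_policy_arns, inline_policies):
    """True if the managed-policy attachments or any inline document grant "admin"."""
    if ADMIN_POLICY_ARN in attached_policy_arns:
        return True
    return any(
        label == "admin"
        for doc in inline_policies.values()
        for _sid, label in policy_findings(doc)
    )


# Constructed sample policy documents (hypothetical, not from any real account).
ADMIN_DOC = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AllowAll", "Effect": "Allow",
                   "Action": "*", "Resource": "*"}],
})
READONLY_DOC = json.dumps({
    "Version": "2012-10-17",
    "Statement": {"Sid": "ListOnly", "Effect": "Allow",
                  "Action": ["s3:ListBucket"], "Resource": "*"},
})
NOTACTION_DOC = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AllButIam", "Effect": "Allow",
                   "NotAction": ["iam:*"], "Resource": "*"}],
})

if __name__ == "__main__":
    for name, doc in [("admin", ADMIN_DOC), ("readonly", READONLY_DOC),
                      ("notaction", NOTACTION_DOC)]:
        print(name, policy_findings(doc))
    print("managed admin:", identity_is_admin([ADMIN_POLICY_ARN], {}))
    print("inline readonly:", identity_is_admin([], {"ro": READONLY_DOC}))
```

The check is deliberately strict: a statement such as "iam:*" on "*" is not reported as admin even though it can usually be turned into admin, which is the kind of finding the “Privilege escalation” category covers rather than this one.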