<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Access-Denied - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/access-denied/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Wed, 03 Jan 2024 12:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/access-denied/feed.xml" rel="self" type="application/rss+xml"/><item><title>AWS Bedrock Invoke Model Access Denied Attempt</title><link>https://feed.craftedsignal.io/briefs/2024-01-aws-bedrock-access-denied/</link><pubDate>Wed, 03 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-aws-bedrock-access-denied/</guid><description>Detection of AccessDenied errors when attempting to invoke AWS Bedrock models via the InvokeModel API indicates potential reconnaissance or privilege escalation attempts by an adversary with compromised credentials.</description><content:encoded><![CDATA[<p>This threat brief focuses on detecting unauthorized access attempts to AWS Bedrock models. The trigger is an <code>AccessDenied</code> error when a user or service attempts to invoke a Bedrock model using the <code>InvokeModel</code> API. The detection leverages AWS CloudTrail logs. This activity is concerning because it may signal an adversary attempting to access generative AI resources with compromised credentials but lacking the necessary permissions. Successful exploitation could lead to data exfiltration or manipulation of model outputs. The targeted resources are AWS Bedrock models, a suite of foundation models offered by Amazon.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li><strong>Credential Compromise:</strong> An attacker gains access to AWS credentials through phishing, credential stuffing, or other means (T1550).</li>
<li><strong>Initial Access:</strong> The attacker uses the compromised credentials to access the AWS environment (T1078).</li>
<li><strong>Discovery: List Foundation Models:</strong> The attacker attempts to list available Bedrock foundation models using the AWS CLI or API, potentially to identify accessible resources.</li>
<li><strong>Attempt InvokeModel:</strong> The attacker attempts to invoke a specific Bedrock model (e.g., <code>InvokeModel</code> API call) without proper permissions.</li>
<li><strong>Access Denied:</strong> AWS returns an <code>AccessDenied</code> error, logged in CloudTrail. This indicates insufficient permissions for the attempted action.</li>
<li><strong>Privilege Escalation Attempt (Optional):</strong> The attacker may attempt to escalate privileges by exploiting misconfigurations or vulnerabilities in IAM roles or policies.</li>
<li><strong>Lateral Movement (Optional):</strong> If privilege escalation is successful, the attacker may attempt to move laterally to other AWS resources.</li>
<li><strong>Impact (Failed):</strong> The attacker is unable to access or manipulate Bedrock models due to the <code>AccessDenied</code> error.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>While the <code>AccessDenied</code> error prevents immediate damage, the attempt itself indicates malicious activity. A successful privilege escalation following this access denial could lead to exfiltration of data used by the models, tampering with model outputs, or disruption of services relying on the Bedrock models. The TrustOnCloud reference highlights potential flaws in Bedrock's access control, emphasizing the need for monitoring.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Deploy the &quot;AWS Bedrock Invoke Model Access Denied&quot; Sigma rule to your SIEM and tune for your environment to detect access denial attempts (rule provided below).</li>
<li>Investigate any detected instances of <code>AccessDenied</code> errors for <code>InvokeModel</code> API calls in CloudTrail logs, focusing on the source IP (<code>src</code>), user (<code>user</code>), and affected model (<code>requestParameters.modelId</code>).</li>
<li>Review and harden IAM policies related to AWS Bedrock to ensure least privilege access.</li>
<li>Enable and review CloudTrail logs for all AWS regions and services to ensure comprehensive security monitoring.</li>
</ul>
]]></content:encoded><category domain="severity">medium</category><category domain="type">advisory</category><category>aws</category><category>bedrock</category><category>access-denied</category><category>privilege-escalation</category></item></channel></rss>