Skip to content
Threat Feed

Tag

Snapshot

6 briefs RSS
medium advisory

AWS RDS DB Snapshot Shared with Another Account

An AWS RDS DB snapshot is shared with another AWS account or made public, potentially enabling unauthorized access, offline analysis, or data exfiltration by allowing adversaries to restore the snapshot in their controlled infrastructure.

AWS RDS aws rds snapshot exfiltration
2r 1t
medium advisory

AWS RDS Snapshot Deletion Detected

The deletion of AWS RDS DB snapshots or disabling backups via configuration changes can inhibit recovery, destroy forensic evidence, and prepare for destructive actions by adversaries.

Amazon RDS aws rds snapshot backup datadestruction
3r 2t
medium advisory

AWS EC2 EBS Snapshot Access Permissions Removed

Detection of AWS EC2 EBS snapshot access permissions removal can indicate malicious attempts to disrupt data recovery, evade detection, or maintain exclusive backup access, leading to increased attack impact and incident response complexity.

EC2 +1 aws ebs snapshot impact
2r 4t
medium advisory

Mass Azure Compute Snapshot Deletion

The rule detects mass deletion of Azure disk snapshots, which could indicate an adversary attempting to inhibit system recovery capabilities, destroy backup evidence, or prepare for a ransomware attack.

Azure snapshot data-destruction impact
2r 2t
high advisory

AWS EC2 Snapshot Shared Externally

Detection of AWS EC2 snapshot shared publicly, indicating potential data exfiltration, by analyzing AWS CloudTrail events.

EC2 aws snapshot data exfiltration cloudtrail
2r 1t
high advisory

AWS EC2 Snapshot Exfiltration Attempt

This analytic detects potential exfiltration of data from AWS EC2 instances through the suspicious creation, modification, and deletion of EC2 snapshots within a short timeframe, potentially leading to unauthorized data access.

EC2 aws snapshot data_exfiltration cloudtrail
2r 1t