Following attackers’ (Cloud)trail in AWS: Methodology and findings in the wild

Oct. 11, 2023, midnight |

Datadog Security Labs securitylabs.datadoghq.com

In this post, we detail some of our methodology and findings in the wild to proactively identify malicious activity by investigating logs in AWS CloudTrail.

attackers aws aws cloudtrail cloud cloudtrail findings identify logs malicious

Visit resource

More from securitylabs.datadoghq.com / Datadog Security Labs

Amplified exposure: How AWS flaws made Amplify IAM roles vulnerable to takeover 2 weeks, 1 day ago | securitylabs.datadoghq.com

amplify aws disclosure exposed +11

The XZ Utils backdoor (CVE-2024-3094): Everything you need to know, and more 3 weeks, 6 days ago | securitylabs.datadoghq.com

ages backdoor backdoors cve +9

A threat-informed roadmap for securing Kubernetes clusters (KubeCon EU 2024) 1 month, 1 week ago | securitylabs.datadoghq.com

attacks clusters controls kubecon +8

Tales from the cloud trenches: Using malicious AWS activity to spot phishing campaigns 1 month, 2 weeks ago | securitylabs.datadoghq.com

aws campaign campaigns cloud +5

Kubernetes security fundamentals: Authentication 2 months, 2 weeks ago | securitylabs.datadoghq.com

authentication fundamentals kubernetes kubernetes security +1

An analysis of a TeamTNT doppelgänger 2 months, 4 weeks ago | securitylabs.datadoghq.com

analysis api api endpoints backdoors +7

Tales from the cloud trenches: Amazon ECS is the new EC2 for crypto mining 3 months, 1 week ago | securitylabs.datadoghq.com

amazon amazon ecs attacks aws +11

From IRC to Instant Messaging: The Rise of Malware Communication via Chat Platforms 3 months, 2 weeks ago | securitylabs.datadoghq.com

chat communication datadog instant messaging +9

Highlights from Datadog Security Labs in 2023 3 months, 3 weeks ago | securitylabs.datadoghq.com

datadog labs security

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Information Security Engineer - Vulnerability Management

@ Starling Bank | Southampton, England, United Kingdom

View on infosec-jobs.com

Manager Cybersecurity

@ Sia Partners | Rotterdam, Netherlands

View on infosec-jobs.com

Compliance Analyst

@ SiteMinder | Manila

View on infosec-jobs.com

Information System Security Engineer (ISSE)-Level 3, OS&CI Job #447

@ Allen Integrated Solutions | Chantilly, Virginia, United States

View on infosec-jobs.com

Enterprise Cyber Security Analyst – Advisory and Consulting

@ Ford Motor Company | Mexico City, MEX, Mexico

View on infosec-jobs.com

View more jobs

all InfoSec news

Following attackers’ (Cloud)trail in AWS: Methodology and findings in the wild

More from securitylabs.datadoghq.com / Datadog Security Labs

Jobs in InfoSec / Cybersecurity

SOC 2 Manager, Audit and Certification

Information Security Engineer - Vulnerability Management

Manager Cybersecurity

Compliance Analyst

Information System Security Engineer (ISSE)-Level 3, OS&CI Job #447

Enterprise Cyber Security Analyst – Advisory and Consulting