Infringement
Disruption of Business Operations
Excessive Personal Use
Exfiltration via Email
Exfiltration via Media Capture
Exfiltration via Messaging Applications
Exfiltration via Other Network Medium
Exfiltration via Physical Medium
- Exfiltration via Bring Your Own Device (BYOD)
- Exfiltration via Disk Media
- Exfiltration via Floppy Disk
- Exfiltration via New Internal Drive
- Exfiltration via Physical Access to System Drive
- Exfiltration via Physical Documents
- Exfiltration via Target Disk Mode
- Exfiltration via USB Mass Storage Device
- Exfiltration via USB to Mobile Device
- Exfiltration via USB to USB Data Transfer
Exfiltration via Web Service
Inappropriate Web Browsing
Installing Unapproved Software
Misappropriation of Funds
Non-Corporate Device
Providing Access to a Unauthorized Third Party
Public Statements Resulting in Brand Damage
Sharing on AI Chatbot Platforms
Theft
Unauthorized Changes to IT Systems
Unauthorized Printing of Documents
Unauthorized VPN Client
Unlawfully Accessing Copyrighted Material
- ID: IF014.005
- Created: 20th June 2024
- Updated: 24th July 2024
- Contributor: The ITM Team
Deletion of Cloud Resources
A subject deletes cloud resources, resulting in harm to the organization's operations.
Detection
ID | Name | Description |
---|---|---|
DT064 | AWS CloudTrail, Resource Deletion | CloudTrail logs by themselves, or in conjunction with CloudWatch, can be used to identify resource deletion events. These logs contain the account that performed the action (within the userIdentity field), a timestamp (within the eventTime field), and more detailed information depending on what resource was deleted. Some eventName examples include; |
DT066 | Azure Activity Log, Resource Deletion | Azure Activity Log can be used to identify resource deletion events by using the search bar to filter by operations related to deletion, such as |
DT065 | GCP Cloud Audit Logs, Resource Deletion | GCP Cloud Audit Logs can be used to identify resource deletion events. These logs contain the account that performed the action (within the Principal field), a timestamp, and more detailed information depending on what resource was deleted. Some query examples include; |