catalog logoThe IAM Privilege Catalog

risks / Resource hijacking

Description

Allows an attacker to use system resources for their own purposes. Typically used for resource-intensive pursuits such as cryptomining, or to provide infrastructure for other illegal activities such as running a bot net.

Risk: MEDIUM

Exploited in isolation, this risk has the potential to create operational burden or monetary costs, or access organizational secrets.

Mitigations

  1. Monitor resource usage and spend

Links

  1. https:/​/​attack.mitre.org/​techniques/​T1496/​

Affected Privileges

An attacker may be able to exploit this risk if they gain any of the following privileges:

Google Cloud Platform

appengine.instances.enableDebug
appengine.versions.create
bigquery.models.create
cloudfunctions.functions.create
cloudfunctions.functions.sourceCodeSet
compute.autoscalers.create
compute.autoscalers.update
compute.instanceGroupManagers.create
compute.instances.create
compute.instances.osAdminLogin
compute.instances.osLogin
container.clusters.create
container.daemonSets.create
container.daemonSets.update
container.deployments.create
container.deployments.update
container.deployments.updateScale
container.jobs.create
container.jobs.update
container.pods.create
container.replicaSets.create
container.replicaSets.update
container.replicaSets.updateScale
container.statefulSets.create
container.statefulSets.update
container.statefulSets.updateScale
iap.projects.updateSettings
iap.webServiceVersions.updateSettings
iap.webServices.updateSettings
iap.webTypes.updateSettings
run.jobs.run
run.jobs.runWithOverrides
run.jobs.update
run.services.create
run.services.update

© 2023–present P0 Security and contributors to the IAM Privilege Catalog