catalog logoThe IAM Privilege Catalog

risks / Account persistence

Description

Allows an attacker to maintain access to the target system by manipulating existing accounts or creating new accounts. This can include modifying credentials and permission groups and other activity designed to subvert security policies.

Risk: BOOST

This risk allows an attacker to significantly increase the scope of an attack, or the sensitivity of accessed systems.

Mitigations

  1. Use least-privileged access
  2. Use multi-factor authentication for user and privileged accounts
  3. Use firewalls and other access control mechanisms to isolate critical systems

Links

  1. https:/​/​attack.mitre.org/​techniques/​T1098/​
  2. https:/​/​attack.mitre.org/​techniques/​T1136/​

Affected Privileges

An attacker may be able to exploit this risk if they gain any of the following privileges:

Google Cloud Platform

iam.roles.create
iam.roles.undelete
iam.serviceAccountKeys.create
iam.serviceAccountKeys.enable
iam.serviceAccounts.create
iam.serviceAccounts.enable
iam.serviceAccounts.undelete
© 2023–present P0 Security and contributors to the IAM Privilege Catalog