Serverless - AI Security Technique
AI Security TechniqueAdversaries may purchase and configure serverless cloud infrastructure, such as Cloudflare Workers, AWS Lambda functions, or Google Apps Scripts, that can be used during targeting. By utilizing serverless infrastructure, adversaries can make it more difficult to attribute infrastructure used during operations back to them. Once acquired, the serverless runtime environment can be leveraged to either respond directl...
Overview
A source-backed snapshot of this AI security technique.
Adversaries may purchase and configure serverless cloud infrastructure, such as Cloudflare Workers, AWS Lambda functions, or Google Apps Scripts, that can be used during targeting. By utilizing serverless infrastructure, adversaries can make it more difficult to attribute infrastructure used during operations back to them.
Once acquired, the serverless runtime environment can be leveraged to either respond directly to infected machines or to Proxy traffic to an adversary-owned command and control server. As traffic generated by these functions will appear to come from subdomains of common cloud providers, it may be difficult to distinguish from ordinary traffic to these providers. This can be used to bypass a Content Security Policy which prevent retrieving content from arbitrary locations.
Technique details
Identifiers, maturity, and source taxonomy for this technique.
- ATLAS ID
- AML.T0008.004
- Maturity
- feasible
- ATT&CK external ID
- T1583.007
- Priority score
- 10
Attack flow
How to read the public records connected to this technique.
Impact
Why this technique may deserve attention in the current dataset.
- Evidence levelfeasible
- Mapped defenses0 ATLAS mitigation records
- Public examples0 linked case study records
- Research risks0 related MIT AI Risk records above the confidence threshold
- Vulnerabilities0 linked CVE records
Mitigations
Defenses that may help against this attack.
Case studies
Examples from public reports and exercises.
Source evidence
Original public records and references for this page.
Original source
Original source links
Open the public records and source datasets used for this page.
