Threat actors may abuse cloud management services to execute commands within virtual machines. Resources such as AWS Systems Manager, Azure RunCommand, and Runbooks allow users to remotely run scripts in virtual machines by leveraging installed virtual machine agents.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.