Threat actors may enumerate objects in cloud storage infrastructure. Threat actors may use this information during automated discovery to shape follow-on behaviors, including requesting all or specific objects from cloud storage. Similar to File and Directory Discovery on a local host, after identifying available storage services (i.e. Cloud Infrastructure Discovery) Threat actors may access the contents/objects stored in cloud infrastructure.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.