AWS Lambda functions modified

ID: aws_lambda_modified
Data type: AWS CloudTrail
Severity: Low
MITRE ATT&CK: TA0040:T1496.004

Description

AlphaSOC detected modifications to an AWS Lambda function. AWS Lambda is a serverless compute service that executes code in response to events. Unexpected changes, such as altering permissions, updating aliases, modifying event source mappings, or modifying the function's code or configuration, may indicate malicious activity within your AWS environment.

Impact

If threat actors gain sufficient access to AWS resources, they can inject malicious code, escalate privileges, or create backdoors for persistent access. This could lead to data breaches, unauthorized resource usage, or compromise of other connected services. Additionally, modified functions may disrupt legitimate operations or result in unexpected costs from increased resource consumption.

Severity

Severity | Condition
Low | Unexpected action made from an unexpected region or ASN

Investigation and Remediation

Investigate the detected modifications by reviewing AWS CloudTrail logs to identify the user or entity that made the changes. Compare the current function configuration with previous versions to spot unauthorized alterations. If malicious activity is confirmed, revert the function to a previous state, review AWS IAM permissions, and rotate any compromised credentials.
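
The CloudTrail review described above can be scripted. The following is an added example, not AlphaSOC's detection logic: it filters a CloudTrail log for Lambda-modifying calls and reports who made each change and from where. The action list, the `expected_regions` baseline, and the sample records are assumptions constructed for illustration; an ASN check would additionally need IP-to-ASN enrichment, which is not shown.

```python
import re

# Change types from the description; an assumed set, not AlphaSOC's detection logic.
MODIFYING_ACTIONS = {
    "UpdateFunctionCode", "UpdateFunctionConfiguration", "AddPermission",
    "RemovePermission", "CreateAlias", "UpdateAlias", "DeleteAlias",
    "CreateEventSourceMapping", "UpdateEventSourceMapping",
    "DeleteEventSourceMapping",
}
# CloudTrail logs Lambda calls with an API-version suffix: UpdateFunctionCode20150331v2
_SUFFIX = re.compile(r"\d{8}(v\d+)?$")

def lambda_modifications(trail, expected_regions):
    """Summarise Lambda-modifying records in a CloudTrail log, oldest first."""
    findings = []
    for rec in trail.get("Records", []):
        if rec.get("eventSource") != "lambda.amazonaws.com":
            continue
        action = _SUFFIX.sub("", rec.get("eventName", ""))
        if action not in MODIFYING_ACTIONS:
            continue
        findings.append({
            "time": rec.get("eventTime"),
            "action": action,
            "actor": (rec.get("userIdentity") or {}).get("arn"),
            "source_ip": rec.get("sourceIPAddress"),
            "function": (rec.get("requestParameters") or {}).get("functionName"),
            "region": rec.get("awsRegion"),
            "unexpected_region": rec.get("awsRegion") not in expected_regions,
        })
    return sorted(findings, key=lambda f: f["time"] or "")

# Constructed sample records, not real account data.
SAMPLE = {"Records": [
    {"eventTime": "2024-05-02T09:14:00Z", "eventSource": "lambda.amazonaws.com",
     "eventName": "AddPermission20150331v2", "awsRegion": "ap-southeast-2",
     "sourceIPAddress": "203.0.113.50",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"functionName": "billing-export"}},
    {"eventTime": "2024-05-01T12:00:00Z", "eventSource": "lambda.amazonaws.com",
     "eventName": "UpdateFunctionCode20150331v2", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/deploy/ci"},
     "requestParameters": {"functionName": "billing-export"}},
    {"eventTime": "2024-05-01T12:05:00Z", "eventSource": "lambda.amazonaws.com",
     "eventName": "ListFunctions20150331", "awsRegion": "us-east-1"},
]}

print(*lambda_modifications(SAMPLE, expected_regions={"us-east-1"}), sep="\n")
```

Records flagged with `unexpected_region` are the ones to compare first against the function's previous versions and the actor's IAM permissions.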