AWS Lambda functions modified
Description
AlphaSOC detected modifications to an AWS Lambda function. AWS Lambda is a serverless compute service that executes code in response to events. Unexpected changes such as altering permissions, updating aliases, modifying event source mappings, and modifying the function's code or configuration may indicate potential malicious activity within your AWS environment.
Impact
If threat actors gain sufficient access to AWS resources, they can inject malicious code, escalate privileges, or create backdoors for persistent access. This could lead to data breaches, unauthorized resource usage, or compromise of other connected services. Additionally, modified functions may disrupt legitimate operations or result in unexpected costs from increased resource consumption.
Severity
| Severity | Condition |
|---|---|
Low | Unexpected action made from an unexpected region or ASN |
Investigation and Remediation��
Investigate the detected modifications by reviewing AWS CloudTrail logs to identify the user or entity that made the changes. Compare the current function configuration with previous versions to spot unauthorized alterations. If malicious activity is confirmed, revert the function to a previous state, review AWS IAM permissions, and rotate any compromised credentials.