If you have detected abuse that is coming from a Cloud Provider or are suspicious that your infrastructure is being attacked by a Cloud Provider, please use the following steps to report it.

1. Identify the Cloud Provider that the abuse is coming from.

Each cloud provider has a unique network and IP range that can be found at the following links to assist you in identifying which provider the hosted attack is coming from:

Amazon Web Services (AWS)

Microsoft Azure

Google Cloud Platform (GCP)

2. Report Abuse to the Cloud Provider

Once the cloud provider has been identified, use the following links to report the abuse to the cloud provider directly.

Amazon Web Services (AWS)

Microsoft Azure

Google Cloud Platform (GCP)

In your report, you will likely be asked for IP address involved in the abuse, description of the abusive behaviors, timestamps of the incidents and logs or evidence of the abuse.

3. Reach out to the CSOC and the Public Cloud Team for awareness.

Please include all information sent to the cloud provider.

Public Cloud Team Contact Information

Report an Incident to the CSOC

4. Review security policies and limit access to your infrastructure.

While waiting for the cloud provider to respond to your report, you can protect your resources by closing unnecessary ports in your firewalls or security groups, limiting traffic to your infrastructure to allow only trusted networks, and removing unused user accounts.