Cloud provider threats

Cloud provider threats cover the following categories of attacks:

  • A tenant attacking the provider:

    • A tenant may break out of a VM or container by exploiting a security vulnerability and gain access to the management network (EoP)

    • A fraudulent tenant may sign up using stolen credentials, for example, to run a botnet, a Bitcoin miner, or a command-and-control server that the victim ends up paying for (EoP, Repudiation, Spoofing)

    • Brute-force and dictionary attacks (EoP)

    • Resource exhaustion (DoS)

  • Malicious tenant behaviour that leads to blacklisting of the cloud provider or damage to its reputation, including:

    • Outgoing DDoS attacks

    • Spamming

    • Mining Bitcoins

    • Distributing malware, pirated, or other illegal content

  • Outsider threats:

    • Targeted Attacks (EoP)

    • DDoS

    • Human-related threats: insider access (EoP) and social engineering (Spoofing, EoP)

    • Third-party access (Information Disclosure)

    • MITM (Information Disclosure) and DoS attacks via BGP sessions exposed to the Internet

    • Vulnerabilities in network devices (EoP)

To mitigate cloud provider threats:

  • Lock out accounts after repeated failed logins to protect against brute-force and dictionary attacks (EoP).

  • Disable indexing by search engines using robots.txt or similar for public administrative interfaces (Information Disclosure).

  • Change default passwords (EoP).

  • Use a WAF to limit access to admin interfaces (EoP).

  • Use a network IDPS to monitor and detect anomalies in the management and tenant networks (EoP, Information Disclosure, Spoofing, Repudiation).

  • Enable logging to trace EoP attempts and mitigate repudiation attacks.

  • Enable BGP peer filtering (Information Disclosure, EoP).

  • Enable vulnerability management (EoP).
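The lockout and logging mitigations above can be tied together in one small piece of code: replay an authentication log, count failures per (user, source address) in a sliding window, and lock the pair out once the threshold is reached so that even a correct password is refused until the lock expires. The following is an added example and not code from this document or from the book cited below; the log line format, the field names and the thresholds (5 failures in 10 minutes, 15-minute lock) are assumptions chosen for illustration, and the sample log lines are constructed.

```python
"""Failed-login lockout and log-based brute-force detection (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log in an assumed keystone-like format; not real provider output.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z auth FAILED user=admin src=203.0.113.7
2024-03-01T10:00:03Z auth FAILED user=admin src=203.0.113.7
2024-03-01T10:00:05Z auth FAILED user=admin src=203.0.113.7
2024-03-01T10:00:06Z auth FAILED user=admin src=203.0.113.7
2024-03-01T10:00:08Z auth FAILED user=admin src=203.0.113.7
2024-03-01T10:00:09Z auth SUCCESS user=admin src=203.0.113.7
2024-03-01T10:00:10Z auth FAILED user=alice src=198.51.100.4
2024-03-01T10:20:00Z auth FAILED user=alice src=198.51.100.4
2024-03-01T10:20:30Z auth SUCCESS user=alice src=198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAILED|SUCCESS) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Return (timestamp, result, user, src), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["result"], m["user"], m["src"]


class LoginLockout:
    """Sliding-window lockout keyed on (user, source address).

    After `max_failures` failures within `window`, the key is locked for `lockout`.
    Every attempt during the lock is rejected, even with the right password, so a
    credential guessed on the last try cannot be used until the lock expires.
    """

    def __init__(self, max_failures=5, window=timedelta(minutes=10),
                 lockout=timedelta(minutes=15)):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.failures = defaultdict(deque)   # key -> timestamps of recent failures
        self.locked_until = {}               # key -> lock expiry time

    def is_locked(self, key, now):
        until = self.locked_until.get(key)
        if until is None:
            return False
        if now >= until:
            del self.locked_until[key]       # lock has expired
            return False
        return True

    def record(self, ts, result, user, src):
        """Apply one auth event and return the decision taken for it."""
        key = (user, src)
        if self.is_locked(key, ts):
            return "rejected"                # attempt during an active lockout
        recent = self.failures[key]
        # Drop failures that have fallen out of the sliding window.
        while recent and ts - recent[0] > self.window:
            recent.popleft()
        if result == "SUCCESS":
            recent.clear()
            return "ok"
        recent.append(ts)
        if len(recent) >= self.max_failures:
            self.locked_until[key] = ts + self.lockout
            recent.clear()
            return "locked"                  # threshold reached, lock applied
        return "failed"


def replay(log_text, tracker=None):
    """Feed a log through the tracker; return one decision per parsable line."""
    if tracker is None:
        tracker = LoginLockout()
    decisions = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue                         # skip lines in another format
        decisions.append(tracker.record(*event))
    return decisions


if __name__ == "__main__":
    tracker = LoginLockout()
    for line, decision in zip(SAMPLE_LOG.splitlines(), replay(SAMPLE_LOG, tracker)):
        print(f"{decision:9} {line}")
    print("locked keys:", sorted(tracker.locked_until))
```

Keying on the (user, source) pair rather than the user alone keeps an attacker from locking legitimate users out of the admin interface by deliberately failing against their names from elsewhere; the "locked" and "rejected" decisions are the events worth forwarding to the IDPS or SIEM, since they are the trace of an EoP attempt the logging mitigation is meant to preserve.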

See also

Securing the Virtual Environment. How to Defend the Enterprise against Attack, Davi Ottenheimer, Matthew Wallace, Wiley, 2014.