Cloud provider threats
Cloud provider threats fall into the following categories of attacks:
- Tenant-originated threats (a tenant attacking the provider):
  - A tenant breaks out of a VM or container through a hypervisor or
    container isolation vulnerability and reaches the management network (EoP)
  - A fraudulent tenant signs up with stolen credentials or payment details,
    for example to run a botnet, a Bitcoin miner or a Command-and-Control
    server that the victim ends up paying for (EoP, Repudiation, Spoofing)
  - Brute-force and dictionary attacks against provider and tenant
    credentials (EoP)
  - Resource exhaustion (DoS)
  - Malicious tenant behaviour that gets the provider's address space
    blacklisted or damages its reputation, including:
    - Outgoing DDoS attacks
    - Spamming
    - Mining Bitcoin or other cryptocurrency
    - Distributing malware, pirated or other illegal content
- Outsider threats:
  - Targeted attacks (EoP)
  - DDoS
- Human-related threats: insider access (EoP) and social engineering
  (Spoofing, EoP)
- Third-party access (Information Disclosure)
- MITM (Information Disclosure) and DoS attacks via BGP sessions exposed to
  the Internet, for example route hijacks or leaks of the provider's prefixes
- Vulnerabilities in network devices (EoP)
To mitigate cloud provider threats:
- Lock out or throttle logins after repeated failures to slow brute-force and
  dictionary attacks (EoP). Key the lockout on the source address as well as
  the account; a lockout keyed on the account alone lets an attacker lock
  legitimate users out of their own accounts, turning the control into a DoS
  vector.
- Disable indexing of public administrative interfaces by search engines,
  using robots.txt or similar (Information Disclosure). robots.txt is only a
  hint to well-behaved crawlers and itself advertises the paths it names; it
  does not restrict access, so it complements, and does not replace,
  network-level restriction of administrative interfaces.
- Change default passwords (EoP).
- Use a WAF to limit access to admin interfaces, for example by source
  address and request pattern (EoP).
- Use network IDPS to monitor and detect anomalies in the management and
  tenant networks (EoP, Information Disclosure, Spoofing, Repudiation).
- Enable logging of authentication and administrative actions, collected
  centrally, to trace EoP attempts and mitigate repudiation attacks.
- Enable BGP peer filtering: accept from and announce to each peer only the
  prefixes expected for that peer (Information Disclosure, EoP).
- Enable vulnerability management: inventory, scan and patch hypervisors,
  management services and network devices (EoP).
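The brute-force lockout above, worked through as an added example that is not part of the original page: a policy that counts failed logins per (user, source) pair and per source over a sliding window and locks for a fixed period. It runs against constructed, syslog-like lines; the log format, field names and thresholds are assumptions. The sample shows why a lockout keyed only on the account would hand an attacker a DoS against legitimate users: the real administrator logging in from another address during the attack is still allowed, while a correct guess made during the lockout is refused.

```python
"""Brute-force lockout policy evaluated over authentication log lines.

Added example, not code from the original page. The log format, field names
and thresholds below are assumptions chosen for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Policy parameters (assumed values; tune per deployment).
MAX_FAILURES = 5                # failures per (user, source) before that pair is locked
MAX_SOURCE_FAILURES = 20        # failures from one source across all users (spraying)
WINDOW = timedelta(minutes=10)  # sliding window in which failures are counted
LOCKOUT = timedelta(minutes=30)

# Constructed sample log (not real data): an attacker at 203.0.113.7 guesses
# the admin password and eventually hits it, while the real admin logs in
# from 198.51.100.9 during the attack.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z auth FAILED user=admin src=203.0.113.7
2024-05-01T10:00:05Z auth FAILED user=admin src=203.0.113.7
2024-05-01T10:00:10Z auth FAILED user=admin src=203.0.113.7
2024-05-01T10:00:15Z auth FAILED user=admin src=203.0.113.7
2024-05-01T10:00:20Z auth FAILED user=admin src=203.0.113.7
2024-05-01T10:00:25Z auth OK user=admin src=203.0.113.7
2024-05-01T10:00:30Z auth OK user=admin src=198.51.100.9
2024-05-01T10:31:00Z auth OK user=admin src=203.0.113.7
"""


def parse_line(line):
    """Split one log line into (timestamp, outcome, user, src)."""
    ts_text, _, outcome, user_kv, src_kv = line.split()
    ts = datetime.fromisoformat(ts_text.replace("Z", "+00:00"))
    return ts, outcome, user_kv.split("=", 1)[1], src_kv.split("=", 1)[1]


class LockoutPolicy:
    """Sliding-window failure counting with time-limited lockouts.

    Failures are counted per (user, source) pair, so an attacker cannot lock a
    legitimate user out of their own account from elsewhere, and per source,
    so spraying one or two guesses across many accounts is still caught.
    """

    def __init__(self):
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures
        self.locked_until = {}              # key -> when the lockout expires

    def _recent(self, key, now):
        q = self.failures[key]
        while q and now - q[0] > WINDOW:
            q.popleft()
        return q

    def _is_locked(self, key, now):
        until = self.locked_until.get(key)
        if until is None:
            return False
        if now < until:
            return True
        del self.locked_until[key]  # lockout expired: start counting afresh
        self.failures[key].clear()
        return False

    def observe(self, ts, outcome, user, src):
        """Return the decision for one authentication event."""
        pair_key, src_key = (user, src), src
        # While locked, deny without evaluating the credential at all: a correct
        # guess during the lockout must not succeed and must not reset counters.
        if self._is_locked(pair_key, ts) or self._is_locked(src_key, ts):
            return "locked"
        if outcome == "OK":
            # Success clears the pair's history but not the per-source count,
            # so a sprayer who gets one account right keeps its record.
            self.failures[pair_key].clear()
            return "allow"
        locked = False
        for key, limit in ((pair_key, MAX_FAILURES), (src_key, MAX_SOURCE_FAILURES)):
            q = self._recent(key, ts)
            q.append(ts)
            if len(q) >= limit:
                self.locked_until[key] = ts + LOCKOUT
                locked = True
        return "lock" if locked else "fail"


def run(log_text):
    """Replay log lines through a fresh policy and return one decision per line."""
    policy = LockoutPolicy()
    return [policy.observe(*parse_line(line))
            for line in log_text.splitlines() if line.strip()]


if __name__ == "__main__":
    for line, decision in zip(SAMPLE_LOG.splitlines(), run(SAMPLE_LOG)):
        print(f"{decision:<7} {line}")
```

Run it as a script to see the decision for each sample line. In a real deployment the counters live in a store shared by all API front ends, the decisions are written to the central log described above, and tenant-facing endpoints often use progressive delays rather than hard lockouts to limit the DoS side effect further.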
See also
Davi Ottenheimer and Matthew Wallace, Securing the Virtual Environment:
How to Defend the Enterprise Against Attack, Wiley, 2014.