Cloud provider threats¶

Cloud provider threats cover the following categories of attacks:

• A tenant to hack the provider
  • A tenant may run out of a VM or container using security breaches and get access to management network (EoP)
  • A fraud tenant can sign up using stolen credentials, for example, to organize a botnet, run a bitcoin miner or Command-and-Control server that a victim will pay for (EoP, Repudiation, Spoofing)
  • Brute-force and dictionary attacks (EoP)
  • Resource exhaustion (DoS)
• Malicious tenant behaviour that leads to blacklisting or loss of reputation of a cloud provider that include:
  • Outgoing DDoS attacks
  • Spamming
  • Mining Bitcoins
  • Distributing malware, pirated, or other illegal content
• Outsider threats:
  • Targeted Attacks (EoP)
  • DDoS
  • Human-related threats: insider access (EoP) and social engineering (Spoofing, EoP)
  • 3-d parties access (Information Disclosure)
  • MITM (Information Disclosure) and DoS attacks using BGP exposed to the Internet
  • Vulnerabilities in network devices (EoP)

To mitigate cloud provider threats:

• Lock out an attacker’s logins after repeated failures for brute-force protection (EoP).
• Disable indexing by search engines using robots.txt or similar for public administrative interfaces (Information Disclosure).
• Change default passwords (EoP).
• Use WAF to limit access to admin interfaces (EoP).
• Use network IDPS to monitor and detect anomalies in management and tenants networks (EoP, Information Disclosure, Spoofing, Repudiation).
• Enable logging to trace EoP attempts and mitigate repudiation attacks.
• Enable BGP peer filtering (Information Disclosure, EoP).
• Enable vulnerability management (EoP).