Cloud provider threats

Cloud provider threats cover the following categories of attacks:

  • A tenant attacking the provider:
    • A tenant may break out of a VM or container by exploiting a vulnerability and gain access to the management network (EoP)
    • A fraudulent tenant can sign up using stolen credentials, for example to run a botnet, a bitcoin miner or a Command-and-Control server that the victim ends up paying for (EoP, Repudiation, Spoofing)
    • Brute-force and dictionary attacks (EoP)
    • Resource exhaustion (DoS)
  • Malicious tenant behaviour that leads to blacklisting or loss of reputation for the cloud provider, including:
    • Outgoing DDoS attacks
    • Spamming
    • Mining bitcoins
    • Distributing malware, pirated, or other illegal content
  • Outsider threats:
    • Targeted attacks (EoP)
    • DDoS
    • Human-related threats: insider access (EoP) and social engineering (Spoofing, EoP)
    • Third-party access (Information Disclosure)
    • MITM (Information Disclosure) and DoS attacks via BGP sessions exposed to the Internet
    • Vulnerabilities in network devices (EoP)

To mitigate cloud provider threats:

  • Lock out accounts after repeated failed logins, as protection against brute-force and dictionary attacks (EoP).
  • Disable indexing by search engines using robots.txt or similar for public administrative interfaces (Information Disclosure).
  • Change default passwords (EoP).
  • Use WAF to limit access to admin interfaces (EoP).
  • Use a network IDPS to monitor and detect anomalies in the management and tenant networks (EoP, Information Disclosure, Spoofing, Repudiation).
  • Enable logging to trace EoP attempts and mitigate repudiation attacks.
  • Enable BGP peer filtering (Information Disclosure, EoP).
  • Enable vulnerability management (EoP).
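The lockout and logging mitigations above, as an added example that is not part of the original page: a per-account lockout that counts failures in a sliding window and records every decision in an audit trail. The threshold, window and lockout length are assumed policy values, and the login events are constructed sample data.

```python
"""Per-account lockout after repeated login failures, with an audit trail."""
from collections import defaultdict, deque

MAX_FAILURES = 5        # failures tolerated inside the window (assumed policy values)
WINDOW_SECONDS = 300    # sliding window over which failures are counted
LOCKOUT_SECONDS = 900   # how long the account stays locked once the limit is hit


class LoginGuard:
    def __init__(self):
        self.failures = defaultdict(deque)   # user -> timestamps of recent failures
        self.locked_until = {}               # user -> epoch second the lock expires
        self.audit = []                      # every decision, kept for the log

    def attempt(self, ts, user, src_ip, password_ok):
        """Return 'allow', 'deny' or 'locked' for one login attempt at epoch `ts`."""
        decision = self._decide(ts, user, password_ok)
        # Log every attempt, including those rejected while locked, so an
        # operator can later reconstruct who tried what from which address.
        self.audit.append((ts, user, src_ip, decision))
        return decision

    def _decide(self, ts, user, password_ok):
        if self.locked_until.get(user, 0) > ts:
            return "locked"       # a correct password does not clear a live lock
        recent = self.failures[user]
        while recent and ts - recent[0] >= WINDOW_SECONDS:
            recent.popleft()      # forget failures that fell out of the window
        if password_ok:
            recent.clear()
            return "allow"
        recent.append(ts)
        if len(recent) >= MAX_FAILURES:
            # The lock is keyed on the account, not the source address, so
            # failures arriving from many different addresses still count.
            self.locked_until[user] = ts + LOCKOUT_SECONDS
            recent.clear()
        return "deny"


def replay(events):
    """Feed constructed (ts, user, src_ip, password_ok) events to a fresh guard."""
    guard = LoginGuard()
    return guard, [guard.attempt(*e) for e in events]


# Constructed sample: five wrong passwords for 'admin' from rotating addresses,
# then the correct password during the lock, then a retry after it expires.
SAMPLE_EVENTS = [(t * 10, "admin", f"203.0.113.{t}", False) for t in range(5)] + [
    (60, "admin", "203.0.113.9", True),
    (60 + LOCKOUT_SECONDS, "admin", "198.51.100.7", True),
]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS)[1])
```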

See also

Securing the Virtual Environment. How to Defend the Enterprise against Attack, Davi Ottenheimer, Matthew Wallace, Wiley, 2014.