Cloud provider threats cover the following categories of attacks:
A tenant attacking the provider:
A tenant may break out of a VM or container by exploiting security flaws and gain access to the management network (EoP)
A fraudulent tenant can sign up using stolen credentials, for example, to organize a botnet or to run a bitcoin miner or Command-and-Control server that a victim will pay for (EoP, Repudiation, Spoofing)
Brute-force and dictionary attacks (EoP)
Resource exhaustion (DoS)
Malicious tenant behaviour that leads to blacklisting or loss of reputation of the cloud provider, including:
Outgoing DDoS attacks
Spamming
Mining Bitcoins
Distributing malware, pirated, or other illegal content
Outsider threats:
Targeted Attacks (EoP)
DDoS
Human-related threats: insider access (EoP) and social engineering (Spoofing, EoP)
Third-party access (Information Disclosure)
MITM (Information Disclosure) and DoS attacks using BGP exposed to the Internet
Vulnerabilities in network devices (EoP)
To mitigate cloud provider threats:
Lock out an attacker’s logins after repeated failures for brute-force protection (EoP).
Disable indexing by search engines using robots.txt or similar for public administrative interfaces (Information Disclosure).
Change default passwords (EoP).
Use a WAF to limit access to admin interfaces (EoP).
Use a network IDPS to monitor and detect anomalies in management and tenant networks (EoP, Information Disclosure, Spoofing, Repudiation).
Enable logging to trace EoP attempts and mitigate repudiation attacks.
Enable BGP peer filtering (Information Disclosure, EoP).
Enable vulnerability management (EoP).
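The login lockout mitigation listed above can be sketched as a sliding-window counter. This is an added example, not code from any cloud platform: the class name, the policy values, the (account, source address) lock key and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque


class LoginLockout:
    """Lock a key after max_failures failed logins within `window` seconds."""

    def __init__(self, max_failures=5, window=300, lock_seconds=900):
        self.max_failures = max_failures
        self.window = window
        self.lock_seconds = lock_seconds
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures
        self._locked_until = {}              # key -> time at which the lock expires

    def record(self, key, success, now):
        """Record one attempt and return 'locked', 'ok' or 'failed'."""
        if now < self._locked_until.get(key, 0):
            return "locked"                  # reject even a correct password while locked
        if success:
            self._failures.pop(key, None)    # a good login resets the counter
            return "ok"
        recent = self._failures[key]
        recent.append(now)
        while now - recent[0] > self.window:
            recent.popleft()                 # forget failures older than the window
        if len(recent) >= self.max_failures:
            self._locked_until[key] = now + self.lock_seconds
            recent.clear()
            return "locked"
        return "failed"


def replay(events, **policy):
    """Replay (timestamp, account, source, success) tuples; return each outcome."""
    guard = LoginLockout(**policy)
    # Assumption: the lock is keyed on (account, source address).
    return [guard.record((acct, src), ok, ts) for ts, acct, src, ok in events]


# Constructed sample events (not real logs); timestamps are in seconds.
SAMPLE = [
    (0, "admin", "203.0.113.7", False),
    (10, "admin", "203.0.113.7", False),
    (20, "admin", "203.0.113.7", False),   # third failure triggers the lock
    (30, "admin", "203.0.113.7", True),    # correct password, still rejected
    (40, "admin", "198.51.100.4", True),   # different source is unaffected
    (1000, "admin", "203.0.113.7", True),  # lock has expired
]

if __name__ == "__main__":
    print(replay(SAMPLE, max_failures=3, window=60, lock_seconds=600))
```

The "locked" outcomes are the events worth writing to the log that the logging mitigation calls for.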
See also
Securing the Virtual Environment. How to Defend the Enterprise against Attack, Davi Ottenheimer, Matthew Wallace, Wiley, 2014.