Cloud provider threats¶

Cloud provider threats cover the following categories of attacks:

• A tenant to hack the provider

  • A tenant may run out of a VM or container using security breaches and get access to management network (EoP)

  • A fraud tenant can sign up using stolen credentials, for example, to organize a botnet, run a bitcoin miner or Command-and-Control server that a victim will pay for (EoP, Repudiation, Spoofing)

  • Brute-force and dictionary attacks (EoP)

  • Resource exhaustion (DoS)

• Malicious tenant behaviour that leads to blacklisting or loss of reputation of a cloud provider that include:

  • Outgoing DDoS attacks

  • Spamming

  • Mining Bitcoins

  • Distributing malware, pirated, or other illegal content

• Outsider threats:

  • Targeted Attacks (EoP)

  • DDoS

  • Human-related threats: insider access (EoP) and social engineering (Spoofing, EoP)

  • 3-d parties access (Information Disclosure)

  • MITM (Information Disclosure) and DoS attacks using BGP exposed to the Internet

  • Vulnerabilities in network devices (EoP)

To mitigate cloud provider threats:

• Lock out an attacker’s logins after repeated failures for brute-force protection (EoP).

• Disable indexing by search engines using robots.txt or similar for public administrative interfaces (Information Disclosure).

• Change default passwords (EoP).

• Use WAF to limit access to admin interfaces (EoP).

• Use network IDPS to monitor and detect anomalies in management and tenants networks (EoP, Information Disclosure, Spoofing, Repudiation).

• Enable logging to trace EoP attempts and mitigate repudiation attacks.

• Enable BGP peer filtering (Information Disclosure, EoP).

• Enable vulnerability management (EoP).