Cloud Computing Threats

A number of threats in the cloud include but are not limited to the following:

Data breaches

This security incident occurs when an unauthorized intruder accesses, copies or transmits private, confidential or sensitive data belonging to a person or organization.

Data breaches are often a result of simple human error, poor security practices, targeted attacks, and application vulnerabilities.

Data loss

This if often experiences due to hard drive failure, malware attacks, natural disasters (for example, earthquakes and floods), power failure and human errors (Accidental file deletion by a cloud administrator) leading to corrupt or unavailability of data. Data must be backed up in multiple geographically-spanned locations so that in case of a data loss, a similar copy can be obtained from a remote location for replacement.

Malicious insiders

These are past or present malicious insiders like a system administrator, former employee, business partner or a third-party contractor with high-level of access to potentially private, sensitive information and critical systems leading to a serious data breach.

Denial of Service (DoS)

A DoS attack originates from a source machine only and is designed to deny legitimate users access to their privileged/subscribed cloud services, data or application, by making these resources and services available.

Distributed Denial of Service (DDoS) attack

Unlike DoS that originates from a single system to attack a cloud service, on the other hand, a DDoS attack locates vulnerable systems (zombies/slaves) participating in a network, whose collection is termed as a botnet, and the attacker leverages on these vulnerabilities to distribute different kinds of malware.

The zombies are made to send fake traffic which in turn floods the network, thereby making real data, applications or other resources in cloud unavailable to legitimate users.

Vulnerable systems and application programming interfaces (APIs)

Cloud APIs represent gateways which can be well exploited by an attacker to gain considerable access to cloud resources. Similarly, cloud APIs commonly used by subscribers to access cloud services are also sometimes exposed by cloud service providers.

A special security requirement is that the APIs need to be designed to allow access via encrypted keys, which are used to authenticate the API user to guide against accidental and malicious random attempts.

Weak authentication and identity management

Potential vulnerabilities are exploited by attackers when organizations allocate designated permissions to job roles of their users.

Hence, attackers could masquerade as legitimate operators, users or developers to gain unauthorized access to critical data, control and management functionalities of the cloud services. As such, attackers can inject malicious software to attack the cloud services, modify data and service management /control parameters or sniff data in transit.

Account hijacking

This involves the stealing and using of the account details of a legitimate user for disreputable purposes using techniques like fraud and phishing.

The credential hijackers can easily compromise availability, integrity and confidentiality of the cloud services. A multifactor authentication mechanism should be enabled to mitigate the sharing of account credentials between users and cloud services.

Shared technology vulnerabilities

Vulnerability and misconfigured component or weak isolation properties of a cloud services’ component in a shared multi-tenant cloud system can be leveraged upon by attackers to cause data breach due to compromised cloud data security.

Best practices should be employed for data management and client implementation to guide against shared technology vulnerabilities.

Lacking due diligence

Lack of due diligence entails the failure of a cloud consumer to evaluate the CSPs for availability of cloud services with best practices resulting in application security problems.

Due diligence involves verification of the availability of appropriate security controls, standards and accreditations such as DCS, HIPAA, ISO 9001 and PCI owned by CSPs to meet standard service requirements of the customers.

Advanced Persistent Threats (APT)

An APT is a very hard-to-detect adaptive program that penetrates the cloud infrastructure of an organization to steal data via techniques such as direct hacking, use of unsecured third party APIs, spear phishing, attack code on USB devices, and penetration through the network.

This can be mitigated via frequent infrastructure monitoring, advanced security controls and rigid process management.

Abuse of cloud services

Poorly secured cloud service deployments, fraudulent account sign-ups via payment interfaces, and free cloud service trials expose cloud computing models to malicious attacks.

Metadata spoofing attack

The metadata of cloud service contains information of the user about different services, including location of different network components, format of data or security requirements. This information can be modified by attackers to redirect users to a different place, a concept similar to DNS poisoning.