Cloud Computing Attacks

Questions and Answers

Which characteristic is essential for cloud computing, according to NIST SP 800-145?

  • Reduced bandwidth requirements
  • Centralized storage
  • Resource pooling (correct)
  • Slow elasticity

Which cloud technology attack breaches infrastructure to steal usernames, passwords, tokens, and PINs?

  • Side-channel attacks
  • Account takeover
  • Credential harvesting (correct)
  • Privilege escalation

An attacker exploits a software bug to access resources that are normally inaccessible. Which cloud attack is this?

  • Account takeover
  • Privilege escalation (correct)
  • Credential harvesting
  • Side-channel attacks

A low-privileged user gains access to functions reserved for higher-privileged users. Which term describes this?

Vertical privilege escalation (B)

A threat actor compromises a user account to access more accounts and information. Identify the cloud technology attack method used.

Account takeover (C)

Which tool can identify vulnerabilities that could lead to metadata service attacks?

Falco (B)

Crafted packets are generated to crash a cloud application. Which cloud technology attack method is in play?

Resource exhaustion attack (D)

A threat actor creates and installs a malicious application into a SaaS, PaaS, or IaaS environment. What attack is this?

Cloud malware injection attack (D)

What commonly causes data breaches when cloud assets are misconfigured?

Using insecure permission configurations for cloud object storage services (A)

A compromised VM shares hardware with non-compromised VMs. Which attack could exfiltrate credentials and cryptographic keys?

Side-channel attack (B)

Which tool helps developers and consumers deploy applications and use cloud provider resources?

Software development kits (SDKs) (A)

A threat actor reverse engineers a mobile app to see how it creates and stores keys in the iOS Keychain. Which vulnerability is targeted?

Insecure storage (A)

Identify the open-source framework used to test iOS application security.

Needle (D)

Which security vulnerability affects IoT implementations and involves unencrypted data transmission?

Plaintext communication and data leakage (D)

Which tool is an open-source container vulnerability scanner for finding vulnerabilities in a Docker image?

Anchore's Grype (B)

Flashcards

Resource Pooling

Sharing computing resources to serve multiple consumers. It is an essential characteristic of cloud computing as defined in NIST SP 800-145.

Credential Harvesting

This attack method breaches the infrastructure to gather sensitive user data.

Account Takeover

Exploiting a bug in a software application to gain unauthorized access.

Privilege Escalation

When a lower-privileged user accesses functions reserved for higher-privileged users.

Account Takeover

When a threat actor gains unauthorized access to a user or application account to access more accounts and information.

Resource Exhaustion Attack

A cloud technology attack method where crafted packets are generated to cause a cloud application to crash.

Cloud Malware Injection Attack

A cloud technology attack method involving creating a malicious application and installing it into a SaaS, PaaS, or IaaS environment.

Insecure Permissions

Insecure configurations for cloud object storage services can lead to data breaches.

Side-Channel Attack

A cloud technology attack method used in a cloud environment that shares the same physical hardware as non-compromised VMs to exfiltrate credentials, cryptographic keys, and other sensitive information.

Software Development Kits (SDKs)

A tool that helps software developers and cloud consumers deploy applications in the cloud.

Insecure Storage

Vulnerability targeted when a threat actor reverse engineers a mobile app to see how it creates and stores keys in the iOS Keychain.

Needle

An open-source framework used to test the security of iOS applications.

Plaintext Communication and Data Leakage

A security vulnerability that affects IoT implementations and includes plaintext communication and data leakage.

Intelligent Platform Management Interface (IPMI)

A collection of compute interface specifications designed to offer management and monitoring capabilities independently of the CPU, firmware, and operating system of the host.

Anchore's Grype

It uses the ClamAV antivirus engine to help detect vulnerabilities, Trojans, backdoors, and malware in Docker images and containers.

Study Notes

  • NIST SP 800-145 defines resource pooling as an essential characteristic of cloud computing.
  • Credential harvesting involves breaching the infrastructure to gather and steal information like usernames, passwords, tokens, and PINs.
  • Account takeover can exploit a bug in a software application to access resources that are normally inaccessible to a user.
  • Vertical privilege escalation is when a lower-privileged user accesses functions reserved for higher-privileged users.
  • Account takeover is a cloud technology attack method that a threat actor could utilize to access a user or application account, leading to further access to more accounts and information.
  • Nimbostratus, Clair, Falco, and Dagda can find vulnerabilities that could lead to metadata service attacks.
  • Resource exhaustion attacks could generate crafted packets to cause a cloud application to crash.
  • A cloud malware injection attack is the cloud technology attack method that requires a threat actor to create a malicious application and install it in a SaaS, PaaS, or IaaS environment.
  • Data breaches in misconfigured cloud assets are commonly due to insecure permission configurations for cloud object storage services.
  • Side-channel attacks can be used to exfiltrate credentials, cryptographic keys, and sensitive information when a threat actor compromises a VM in a cloud environment, sharing the same physical hardware as the non-compromised VMs.
  • Software development kits (SDKs) and Cloud development kits (CDKs) are tools utilized to help software developers and cloud consumers deploy applications in the cloud, using the resources the cloud provider offers.
  • Insecure storage is a mobile device vulnerability that is targeted when a threat actor reverse engineers a mobile app to see how it creates and stores keys in the iOS Keychain.
  • Needle is an open-source framework for testing iOS application security.
  • Pairing feature exchange, short-term key generation, and transport-specific are the options for matching each Bluetooth Low Energy (BLE) phase to its description.
  • Plaintext communication and data leakage is a security vulnerability that affects IoT implementations.
  • Turbines in a power plant and robots in a factory are two types of IoT systems that should never be exposed to the Internet.
  • Intelligent Platform Management Interface (IPMI) is a collection of compute interface specifications designed to offer management and monitoring capabilities independently of the CPU, firmware, and operating system of the host.
  • VM repository vulnerability is enabled when a threat actor uploads a VM with malicious software to the VMware Marketplace, allowing them to manipulate systems, applications, and user data when an organization deploys the VM.
  • Anchore's Grype includes open-source analysis tools using the ClamAV antivirus engine to detect vulnerabilities, Trojans, backdoors, and malware in Docker images and containers.
  • Social-Engineer Toolkit (SET) can be used as a credential harvesting tool for sending spear phishing emails containing links to malicious sites, targeting victims.
  • Cloud architectures help minimize the impact of DoS or DDoS attacks compared to on-premise hosting services because cloud providers use a distributed architecture.
  • Type 1 hypervisors and Type 2 hypervisors are characteristics of a VM hypervisor.
  • VM escape vulnerability is discovered when a threat actor compromises a VM in a data center and discovers a vulnerability that provides access to data in another VM.
  • GATTacker can be used to perform on-path attacks in BLE implementations.
  • Anchore's Grype is an open-source container vulnerability scanner for finding vulnerabilities in a Docker image.
