Certified Cybersecurity Technician Exam 212-82 PDF
Document Details
Uploaded by barrejamesteacher
null
EC-Council
Tags
Related
- Chapter 2 - 07 - Understand IoT, OT, and Cloud Attacks - 04_ocred.pdf
- Chapter 2 - 07 - Understand IoT, OT, and Cloud Attacks - 03_ocred_fax_ocred.pdf
- Cloud and Virtualization Security PDF
- Cybersecurity Threats: Protecting Your Digital Assets PDF
- CCSK v5 Sample Questions PDF
- Introducción a los Ciberdelitos PDF
Summary
This document covers cloud-based attacks, such as man-in-the-cloud attacks, cloud hopper attacks, and cloud cryptojacking, for the Certified Cybersecurity Technician exam 212-82. The document also discusses the differences between cloud-based and on-premises security. It includes information about risks, costs, and other relevant factors for security professionals.
Full Transcript
Certified Cybersecurity Technician Exam 212-82 Information Security Attacks Cloud-specific Attacks Most organizations adopt cloud technology because it reduces the cost via optimized and efficient computing. Robust cloud technology offers different types of services to end-users; however, many peopl...
Certified Cybersecurity Technician Exam 212-82 Information Security Attacks Cloud-specific Attacks Most organizations adopt cloud technology because it reduces the cost via optimized and efficient computing. Robust cloud technology offers different types of services to end-users; however, many people are concerned about critical cloud security risks and threats, which attackers may take advantage of to compromise data security, gain illegal access to networks, etc. This section covers cloud-based attacks such as man-in-the-cloud attacks, cloud hopper attacks, and cloud cryptojacking. Module 02 Page 370 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 Cloud-based vs. On-premises Attacks o Cloud is not always the solution g Cloud-based security reduces cost but increases risk Probability of redirection risks Lower detection capability in the cloud On-premises security increases productivity and availability L* n Lack of on-premises infrastructure reduces cloud view Cloud-based vs. On-premises Attacks Organizations and security professionals who decide to shift their IT infrastructure from onpremises to the cloud need to assess the security risks and benefits before deploying cloud services. = Cloud is not always the solution Some organizations believe that cloud is the best solution for efficient cyber threat management. Although cloud services provide a comprehensive security strategy for organizations, it still includes inherent weaknesses that make them less preferable for organizations that require complete protection. * Cloud-based security reduces cost but increases risk Organizations utilizing security infrastructure party cloud provider. organization by adding = cloud-based security are not required to maintain dedicated and data centers, as all these facilities are provided by the thirdIn other words, on-premises-based security can burden the the cost of data centers and infrastructure to its expenses. Probability of redirection risks Although forwarding potentially malicious network traffic away from on-premises infrastructure has benefits, it still has some implications that require consideration. Always-on cloud services require the full-time redirection and monitoring of traffic from a remote security center. This type of redirection can increase the network latency and degrade the performance of the applications used by end customers. For the efficient management of application infrastructure, many applications expect minimal latency. Therefore, organizations that use always-on and cloud-only cyber security protection Module 02 Page 371 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 must assess risks such as the risk of a targeted attack on a growing customer base that can compromise the security of all customers. Organizations that leverage both cloud-based and on-premises infrastructure do not have such types of risks and can easily detect evolving threats and attacks without switching the traffic between on-premises and cloud infrastructure. * Lower detection capability in the cloud For organizations that need cloud services providing cyber-attack protection, speed and accuracy in detection are major considerations. Many cloud-based security solutions advertise that they are very efficient in detecting various attack vectors and can further identify and isolate malicious traffic from legitimate traffic efficiently. However, these security solutions detect attacks by monitoring network traffic using network monitoring tools that detect malicious traffic based on specific traffic patterns and thresholds, instead of performing deep packet inspection to identify malicious behaviors that lead to an attack. * On-premises security increases productivity and availability Organizations maintaining cyber-security teams on-premises can ensure the security of all the resources round the clock. These teams can conduct frequent security checks on the IT infrastructure. Conversely, on-premises security can result in additional maintenance and equipment costs. * Lack of on-premises infrastructure reduces cloud view Many cloud solutions redirect traffic from target resources to a security center for identifying malicious traffic and implementing mitigation strategies. This processing increases the latency and reduces the speed of mitigation. Alternatively, hybrid solutions that utilize both on-premises infrastructure and cloud resources have the benefit of advanced attack visibility. Module 02 Page 372 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 Side-Channel Attacks or Cross-guest VIVI Breaches O The attacker compromises the cloud by placing a a side-channel attack near to a target cloud server and then launches O In a side-channel attack, the attacker i i takes advantage of the shared physical resources (processor cache) to 0 Side-channel attacks can be implemented by any i i ine (cryptographic keys) from the victim due to the vulnerabilities in shared technology resources Multi-tenant Cloud Cache (RO > (ol > Attacker impersonates and Timing Attack D E Data Remanence """. Victim’s VM.................................. N 88 Cryptographic Keys/ : 'y DDDA Plain Text Secrets Acoustic Cryptanalysis - Power Monitoring Attack Steals victim's 2 credentials - i J : i o Attacker A Differential Fault Analysis ¢ Side-Channel Attacks or Cross-guest VM Breaches Attackers can compromise the cloud by placing a malicious virtual machine near a target cloud server and then launch a side-channel attack. The below figure shows how an attacker can compromise the cloud by placing a malicious VM near a target cloud server. The attacker runs the VM on the same physical host as the target VM and takes advantage of the shared physical resources (processor cache). Then, he launches side-channel attacks (timing attack, data remanence, acoustic cryptanalysis, power monitoring attack, and differential fault analysis) to extract cryptographic keys/plain text secrets to steal the victim’s credentials. Side-channel attacks can be implemented by any co-resident user and are mainly related to vulnerabilities in shared technology resources. Finally, the attacker uses the stolen credentials to impersonate the victim. E Multi-tenant.............................. Cloud - User ey 0 : -------------- A Cryptographic Keys/ Plain Text Secrets Attacker impersonates victim using the stolen credentials........................ s — Victimls R S, L — s Y - Y—— ge : : V i Attacker’s > N é................. A Steals victim’s credentials VM VM. OO OO OO L g Attacker Figure 2.73: Example of Side-Channel attacks Module 02 Page 373 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 Man-in-the-Cloud (MITC) Attack MITC attacks are an advanced version of Man-in- the-middle (MITM) attacks. The attacker tricks the victim into installing a malicious code, which plants the attacker’s synchronization token on the victim’s drive 3 Then, the attacker steals the victim’s synchronization token and uses the stolen token to gain access to the victim’s files Later, the attacker restores the malicious token with \q the original synchronized token of the victim, thus returning the drive application to its original state — -— — 0 and stays undetected L All Rights Reserved. Reproduction s Strictly Prohibited. | | Man-in-the-Cloud (MITC) Attack MITC attacks are an advanced version of MITM attacks. In MITM attacks, an attacker uses an exploit that intercepts and manipulates the communication between two parties, while MITC attacks are carried out by abusing cloud file synchronization services, such as Google Drive or DropBox, for data compromise, command and control (C&C), data exfiltration, and remote access. Synchronization tokens are used for application authentication in the cloud but cannot distinguish malicious traffic from normal traffic. Attackers abuse this weakness in cloud accounts to perform MITC attacks. / |\\ \N —=) *%1 0 q / N | | (2 |\ (S / | | Figure 2.74: Example of Man-in-the-Cloud attacks Module 02 Page 374 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Information Security Attacks Exam 212-82 As shown in the figure, the attacker tricks the victim to install attacker’s synchronization token on the victim’s drive. Then, synchronization token and uses it to gain access to the victim’s the malicious token with the original synchronized token of application to its original state and stays undetected. Module 02 Page 375 a malicious code that plants the the attacker steals the victim’s files. Later, the attacker restores the victim, returning the Drive Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited.