3.6 Attacks & exploits: Cloud attacks Flashcards
Attacking the Cloud: what are the ways to attack the cloud (4)?
- Malware Injection Attack
- Side-Channel Attack
- Direct-To-Origin (D2O) Attack
- Denial of Service (DoS) Attack
Attacking the Cloud: explain Malware Injection Attack
▪ Attempts to add an infected service implementation module to the cloud service
▪ The attacker is attempting to insert malicious code into a cloud service or server
Attacking the Cloud: explain Side-Channel Attack and how to prevent it (3)
▪ Aims to measure or exploit the indirect effects of a system instead of targeting the code or program directly
▪ Prevention:
● Data encryption
● Multi-factor authentication
● Routine monitoring and auditing
Attacking the Cloud: explain Direct-To-Origin (D2O) Attack and explain step-by-step how it happens (3)
▪ Attempts to bypass reverse proxies to directly attack the original network or IP address of the cloud-based server:
1- The attacker launches the attack against the reverse proxy, which forwards it to the origin server
2- The reverse proxy disclause
Attacking the Cloud: explain Denial of Service (DoS) Attack and Resource Exhaustion Techniques
Used to attack any protocol, device, operating system, or service in an attempt to disrupt the services it provides to its users.
Resource Exhaustion Techniques:
● Amplification/Volumetric Attack: Used to saturate the bandwidth of a given network resource
● Fragmentation of Requests: Sending multiple fragmented HTTP requests to a server
Attacking the Cloud: what are the other DoS Attacks (6)
● Packet flood
● SYN flood
● HTTP flood
● DNS flood
● DNS amplification
● NTP amplification
Credential Harvesting: what is it?
Any attack designed to steal usernames and passwords
Credential Harvesting: list the different ways to harvest credentials (3)
o Account Takeover
o Privilege Escalation
o Vulnerabilities to Exploit
Credential Harvesting: what is the Account Takeover type of credential harvesting? Is it easily detected?
▪ Attackers silently embed themselves within an organization to slowly gain additional access or infiltrate new organizations
▪ Account takeovers are very hard to detect
Credential Harvesting: what is the Privilege Escalation type of credential harvesting? Name the 2 types of privilege escalation.
Occurs when an attacker gains the rights of another user or an administrator:
● Vertical: User to admin/root account
● Horizontal: User to another user account
Credential Harvesting: what are the vulnerabilities to exploit for credential harvesting (7)?
▪ Security Account Manager (SAM) File: Contains the hashed passwords of every user on a given Windows system or domain
▪ Windows UAC
▪ Weak Process Permissions
▪ Shared folders: Many organizations do not enable access controls to their files and folders on a shared drive
▪ Dynamic Link Library (DLL): A library file that contains code that can be used or referenced by more than one program
▪ Writable services: Writable services and unquoted service paths can be used to inject a malicious application that will be launched during startup
▪ Missing patches
Misconfigured Assets: what is a misconfigured cloud asset?
Account, storage, container, or other cloud-based resource that is vulnerable to attack because of its current configuration
Misconfigured Assets: what is Cloud Federation? How can you prevent misconfigured cloud federation?
▪ The combination of infrastructure, platform services, and software to create data and applications that are hosted by the cloud
▪ Identify who’s responsible for the approval of new services and servers, as well as for their vulnerability and patch management
Misconfigured Assets: what is Identity and Access Management (IAM)?
Defines how users and devices are represented in the organization and their associated permissions to resources within the organization’s cloud federation
Misconfigured Assets: what are the asset types configured in IAM (5)? How should they be configured?
▪ Personnel Type: Used in IAM to define identities for an organization’s employees. An organization should ensure they are providing good end-user security training
▪ Endpoint Type: Used for resources and devices that are used by personnel to gain legitimate access to the network. Use centralized EMS. Validate endpoints
▪ Server Type: Used for mission-critical systems that provide a service to other users and endpoints. Encryption schemas. Digital certificates. Configuration hardening
▪ Software Type: Used by IAM to uniquely identify a software’s provenance prior to installation. A public key infrastructure should be used to provide higher levels of authentication and authority
▪ Role Type: Used to support the identities of various assets and associated permission and rights to the roles or functions of those resources