2/15/2021 14 most common cloud security attacks and counter measures

14 most common cloud security attacks and counter measures
By Baiju NT - November 13, 2019

Cloud is an emerging technology, offering numerous benefits to organizations of all sizes, such
as reduced IT costs, scalability, efficiency, and flexibility. But it comes with drawbacks,
mainly in the form of security threats and vulnerabilities.

Unlike traditional solutions, where perils come from two known sources, either inside or outside the
network, security threats in cloud computing can originate from three different levels: the application,
network, and user levels.

In this post, we will look at different types of attacks at these three levels: cloud service provider
(CSP) level, network level, and user or host level, and the ways to reduce their damage.

Application or cloud service provider level security issues

Application-level security issues (or cloud service provider, CSP, level attacks) refer to intrusions by
malicious attackers that exploit vulnerabilities arising from the shared nature of the cloud. Some companies host
their applications in shared environments used by multiple users without considering the possibility
of exposure to security breaches such as:

1. SQL injection
An unauthorized user gains access to the entire database of an application by inserting malicious
code into standard SQL code. Often used to attack websites, SQL injection can be avoided by not
using dynamically generated SQL in the code. It is also necessary to remove all stored procedures
that are rarely used and to assign the least possible privileges to users who have permission to access
the database.
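The following is an added illustration, not code from the article: a dynamically built query beside its parameterized replacement, run against a constructed in-memory SQLite table so the difference in results can be observed offline.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the application's user table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cr3t-a"), ("bob", "s3cr3t-b")])
    return conn

def lookup_vulnerable(conn, name):
    # Dynamically generated SQL: the caller's input becomes part of the statement text,
    # so a quote in the input changes the meaning of the query.
    sql = "SELECT name FROM users WHERE name = '%s'" % name
    return sorted(row[0] for row in conn.execute(sql))

def lookup_safe(conn, name):
    # Parameterized query: the driver passes the input as a value, never as SQL,
    # so the same input is compared literally against the name column.
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))

# Constructed test input: closes the string literal and appends an always-true clause.
TAUTOLOGY = "x' OR '1'='1"

def demo(name=TAUTOLOGY):
    """Return (rows from the vulnerable lookup, rows from the safe lookup)."""
    conn = make_db()
    return lookup_vulnerable(conn, name), lookup_safe(conn, name)
```

The vulnerable lookup returns every row for the tautology input; the parameterized one returns nothing, because no user is literally named `x' OR '1'='1`.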

2. Guest-hopping attack
In guest-hopping attacks, due to a separation failure between shared infrastructures, an attacker
gains access to a virtual machine by penetrating another virtual machine hosted on the same
hardware. One possible mitigation of guest-hopping attacks is to use forensics and VM debugging tools to
observe any attempt to compromise the virtual machine. Another solution is to use the High
Assurance Platform (HAP), which provides a high degree of isolation between virtual machines.

3. Side-channel attack
An attacker opens a side-channel attack by placing a malicious virtual machine on the same physical
machine as the victim machine. Through this, the attacker gains access to confidential information
on the victim machine. The countermeasure to eliminate the risk of side-channel attacks in a
virtualized cloud environment is to ensure that no legitimate user's VMs reside on the same hardware
as other users' VMs.
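An added example (not from the article) of the placement rule just described: a small scheduler, with assumed host names and capacities, that never puts VMs of two tenants on one physical host and exposes an audit of tenants per host.

```python
class AntiColocationScheduler:
    """Places VMs so that no physical host ever holds VMs of two different tenants."""

    def __init__(self, hosts, capacity):
        self.capacity = capacity          # max VMs per host (assumed value)
        self.vms = {h: [] for h in hosts}  # host -> list of (tenant, vm_id)
        self.owner = {}                    # host -> tenant currently holding it

    def place(self, tenant, vm_id):
        # 1. Prefer a host already dedicated to this tenant that still has room.
        for host, owner in self.owner.items():
            if owner == tenant and len(self.vms[host]) < self.capacity:
                self.vms[host].append((tenant, vm_id))
                return host
        # 2. Otherwise take an empty host and dedicate it to this tenant.
        for host in self.vms:
            if host not in self.owner:
                self.owner[host] = tenant
                self.vms[host].append((tenant, vm_id))
                return host
        # 3. Never fall back to a host owned by someone else: refuse instead.
        raise RuntimeError("no isolated host available for tenant %s" % tenant)

    def release(self, host, vm_id):
        self.vms[host] = [v for v in self.vms[host] if v[1] != vm_id]
        if not self.vms[host]:
            del self.owner[host]  # host is empty again; any tenant may take it

    def tenants_per_host(self):
        # Audit view: any value above 1 is a violation of the isolation policy.
        return {h: len({t for t, _ in vms}) for h, vms in self.vms.items()}
```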

4. Malicious insider
A malicious insider can be a current or former employee or business associate who maliciously and
intentionally abuses system privileges and credentials to access and steal sensitive customer
information within the network of an organization. Strict privilege planning and security auditing can
minimize this security risk that originates from within an organization.

https://roboticsbiz.com/14-most-common-critical-cloud-security-attacks-and-countermeasures/ 1/4

5. Cookie poisoning
Cookie poisoning means gaining unauthorized access to an application or web page by modifying
the contents of a cookie. In a SaaS model, cookies contain user identity credential information that
allows the application to authenticate the user's identity. Cookies are forged to impersonate an
authorized user. A solution is to clean up the cookie and encrypt the cookie data.
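An added example, not from the article, of protecting a session cookie against the modification described above. It uses an HMAC tag (integrity protection, which is what defeats forgery; encryption for confidentiality can be layered on top) with an assumed constructed server key, and shows a rewritten payload being rejected.

```python
import base64
import hashlib
import hmac
import json

# Constructed server-side key; a real deployment loads it from a secrets store.
SECRET = b"constructed-demo-key-do-not-reuse"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_cookie(claims: dict) -> str:
    """Serialize the session claims and append an HMAC-SHA256 tag over them."""
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(SECRET, payload.encode(), hashlib.sha256).digest()
    return payload + "." + _b64(tag)

def verify_cookie(cookie: str):
    """Return the claims if the tag matches; None if the cookie was edited or forged."""
    try:
        payload, tag = cookie.split(".", 1)
        expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).digest()
        # Constant-time comparison so the check itself leaks nothing about the tag.
        if not hmac.compare_digest(expected, _unb64(tag)):
            return None
        return json.loads(_unb64(payload))
    except (ValueError, UnicodeDecodeError):
        return None

def rewrite_payload(cookie: str, claims: dict) -> str:
    """Model the poisoning attempt: replace the claims but keep the original tag."""
    return _b64(json.dumps(claims, sort_keys=True).encode()) + "." + cookie.split(".", 1)[1]
```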

6. Backdoor and debug option

A backdoor is a hidden entrance to an application, created intentionally or
unintentionally by developers while coding. A debug option is a similar entry point, often used by
developers to facilitate troubleshooting in applications. The problem is that hackers can use
these hidden doors to bypass security policies, enter the website, and access sensitive
information. To prevent this kind of attack, developers should disable the debugging option.

7. Cloud browser security

A web browser is a universal client application that uses the Transport Layer Security (TLS) protocol to
provide privacy and data security for Internet communications. TLS encrypts the connection
between web applications and servers, such as a web browser loading a website. Web browsers only
use TLS encryption and TLS signatures, which are not secure enough to defend against malicious attacks. One
of the solutions is to use TLS together with XML-based cryptography in the browser core.

8. Cloud malware injection attack

A malicious virtual machine or service implementation module, such as a SaaS or IaaS instance, is injected into
the cloud system, making it believe the new instance is valid. If this succeeds, user requests are
automatically redirected to the new instance, where the malicious code is executed. The mitigation is
to perform an integrity check of the service instance before using it for incoming requests in the cloud
system.

9. ARP poisoning
Address Resolution Protocol (ARP) poisoning is when an attacker exploits weaknesses in the ARP
protocol to map a network IP address to a malicious MAC address and then update the ARP cache with
this malicious MAC address. It is better to use static ARP entries to minimize this attack. This tactic
can work for small networks such as personal clouds, but on large-scale clouds it is easier to use other
strategies, such as port security features, to lock a single port (or network device) to a particular IP
address.
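The two countermeasures above, static entries and port locking, as an added monitoring example that is not part of the article: a guard holding pinned IP-to-MAC bindings and IP-to-port bindings checks each ARP reply (constructed sample replies, assumed addresses and port names) and reports which ones would be dropped or flagged.

```python
from dataclasses import dataclass

@dataclass
class ArpReply:
    ip: str
    mac: str
    port: str   # switch port the reply arrived on

class ArpGuard:
    """Checks ARP replies against static entries and port bindings; tracks the rest."""

    def __init__(self, static_entries, port_bindings):
        self.static = dict(static_entries)   # ip -> mac, like a static ARP entry
        self.ports = dict(port_bindings)     # ip -> allowed switch port (port security)
        self.learned = {}                    # ip -> last MAC seen for unpinned hosts

    def check(self, reply: ArpReply) -> str:
        pinned = self.static.get(reply.ip)
        if pinned is not None and pinned != reply.mac:
            return "DROP: static entry for %s is %s, reply claims %s" % (
                reply.ip, pinned, reply.mac)
        locked_port = self.ports.get(reply.ip)
        if locked_port is not None and locked_port != reply.port:
            return "DROP: %s is locked to port %s, reply came from %s" % (
                reply.ip, locked_port, reply.port)
        prev = self.learned.get(reply.ip)
        self.learned[reply.ip] = reply.mac
        if prev is not None and prev != reply.mac:
            # Unpinned host changed MAC: not blocked, but worth an alert.
            return "ALERT: %s moved from %s to %s" % (reply.ip, prev, reply.mac)
        return "OK"

# Constructed replies: 10.0.0.1 is the pinned gateway; the third reply impersonates it,
# the fourth changes the MAC of an unpinned host.
REPLIES = [
    ArpReply("10.0.0.1", "aa:aa:aa:aa:aa:01", "Gi0/1"),
    ArpReply("10.0.0.7", "aa:aa:aa:aa:aa:07", "Gi0/7"),
    ArpReply("10.0.0.1", "de:ad:be:ef:00:01", "Gi0/9"),
    ArpReply("10.0.0.7", "de:ad:be:ef:00:07", "Gi0/9"),
]

def run(replies=REPLIES):
    guard = ArpGuard({"10.0.0.1": "aa:aa:aa:aa:aa:01"}, {"10.0.0.1": "Gi0/1"})
    return [guard.check(r) for r in replies]
```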

Network-level security attacks

Cloud computing largely depends on existing network infrastructure such as LANs, MANs, and WANs,
exposing it to security attacks that originate from users outside the cloud or from a
malicious insider. In this section, let's focus on the network-level security attacks and their possible
countermeasures.

10. Domain Name System (DNS) attacks

A DNS attack is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system
(DNS), which converts hostnames into corresponding Internet Protocol (IP) addresses using a
distributed database scheme. DNS servers are subject to various kinds of attacks since DNS is used
by nearly all networked applications, including email, web browsing, eCommerce, Internet
telephony, and more. DNS attacks include TCP SYN flood attacks, UDP flood attacks, spoofed source
address/LAND attacks, cache poisoning attacks, and man-in-the-middle attacks.

11. Domain hijacking

Domain hijacking is defined as changing a domain's name without the owner's or creator's knowledge
or permission. Domain hijacking enables intruders to obtain confidential business data or perform
illegal activities such as phishing, where a domain is substituted by a similar website that collects
private information. One way to avoid domain hijacking is to force a waiting period of 60 days
between a change in registration and a transfer to another registrar. Another approach is to use the
Extensible Provisioning Protocol (EPP), which utilizes a domain registrant-only authorization key as a
protection measure to prevent unauthorized name changes.

12. IP spoofing
In IP spoofing, an attacker gains unauthorized access to a computer by pretending that the traffic has
originated from a legitimate computer. IP spoofing is used for other threats such as denial of service
and man-in-the-middle attacks:

a. Denial of service attacks (DoS)

A denial of service attack tries to make a website or network resource unavailable. The attacker
floods the host with a massive number of packets in a short amount of time that require extra
processing. This makes the targeted device waste time waiting for responses that never come. The
target is kept so busy dealing with malicious packets that it does not respond to routine incoming
requests, denying service to legitimate users.

An attacker can coordinate hundreds of devices across the Internet to send an overwhelming amount
of unwanted packets to a target. Therefore, tracking and stopping DoS is very difficult. TCP SYN
flooding is an example of a DoS attack in which the intruder sends a flood of spoofed TCP SYN
packets to the victim machine. This attack exploits the limitations of the three-way handshake in
maintaining half-open connections.
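An added detection example, not from the article, for the half-open connection symptom of a SYN flood: it parses constructed lines shaped like a socket table (state, queues, local address, remote address) and reports both the per-source half-open counts and the total, since spoofed source addresses spread a flood across many sources. Threshold values are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the shape of a socket-table listing (state, recv-q, send-q,
# local address:port, peer address:port); not a real capture.
CONN_TABLE = """\
SYN-RECV 0 0 10.0.0.5:443 203.0.113.9:40001
SYN-RECV 0 0 10.0.0.5:443 203.0.113.9:40002
SYN-RECV 0 0 10.0.0.5:443 203.0.113.9:40003
SYN-RECV 0 0 10.0.0.5:443 203.0.113.9:40004
ESTAB    0 0 10.0.0.5:443 198.51.100.4:52110
SYN-RECV 0 0 10.0.0.5:443 198.51.100.4:52111
"""

LINE = re.compile(r"^(\S+)\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)$")

def half_open_by_source(table: str) -> Counter:
    """Count SYN-RECV (half-open) sockets per remote source address."""
    counts = Counter()
    for raw in table.splitlines():
        m = LINE.match(raw.strip())
        if m and m.group(1) == "SYN-RECV":
            counts[m.group(4)] += 1
    return counts

def total_half_open(table: str) -> int:
    """Total half-open sockets; the figure to watch when sources are spoofed."""
    return sum(half_open_by_source(table).values())

def suspected_syn_flood(table: str, per_source=3, total=20) -> dict:
    """Report offending sources, or the total if it alone exceeds its threshold."""
    by_src = half_open_by_source(table)
    report = {src: n for src, n in by_src.items() if n > per_source}
    if not report and total_half_open(table) > total:
        report["*"] = total_half_open(table)   # many sources, each below threshold
    return report
```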

b. Man-in-the-middle attack (MITM)

A man-in-the-middle attack (MITM) is an intrusion in which the intruder secretly relays, and possibly
alters, messages between two entities that believe they are communicating directly with each other. The
intruder uses packet sniffers, filtering, and transmission protocols to gain access to network
traffic. A MITM attack exploits the real-time processing of transactions, conversations, or transfers of
other data. It can be reduced using packet filtering by a firewall, strong encryption, and origin
authentication techniques.

End-user/host level attacks

Cloud end-user or host level attacks include phishing, an attempt to steal user identity information
such as usernames, passwords, and credit card numbers. Phishing sends the user an email
containing a link to a fake website that looks like the real one. When the user logs in to the fake website, their
username and password are sent to the hacker, who can use them to attack the cloud.

Another method of phishing is to send an email to the user claiming to be from the cloud service
company and, for instance, telling the user to provide their username and password for maintenance
purposes. Countermeasures against phishing are the use of spam filters and spam blockers in
browsers. You can also train users not to respond to any spoofed email and not to give their
credentials to any website.
