Alice, a professional hacker, targeted an organization’s cloud services. She infiltrated the target’s MSP provider by sending spear-phising emails and distributed custom-made malware to compromise user account and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attack on the target organization.
Which of the following cloud attacks did Alice perform in the above scenario?
Option 1 : Cloud hopper attack
Option 2 : Man-in-the-cloud (MITC) attack
Option 3 : Cloudborne attack
Option 4 : Cloud cryptojacking
1. Cloud hopper attack
Operation Cloud Hopper was an in depth attack and theft of data in 2017 directed at MSP within the uk (U.K.), us (U.S.), Japan, Canada, Brazil, France, Switzerland, Norway, Finland, Sweden, South Africa , India, Thailand, South Korea and Australia. The group used MSP as intermediaries to accumulate assets and trade secrets from MSP client engineering, MSP industrial manufacturing, retail, energy, pharmaceuticals, telecommunications, and government agencies.
Operation Cloud Hopper used over 70 variants of backdoors, malware and trojans. These were delivered through spear-phishing emails. The attacks scheduled tasks or leveraged services/utilities to continue Microsoft Windows systems albeit the pc system was rebooted. It installed malware and hacking tools to access systems and steal data.
2. Man-in-the-cloud (MITC) attack
Cloud storage has slowly but surely become the simplest method for sharing, backing up and remotely accessing data altogether forms, from Word documents to movies to sensitive, personally identifiable information. So, given Google’s position within the IT industry, it should come as no surprise that users – both consumers and enterprises – love Google Drive. After all, it is easy to use, accessible from any device round the globe and everybody else is on an equivalent platform. However, those that cash in of those cloud storage services rarely – if ever – believe Google Drive security. that’s close to change.
A new sort of attack
At Black Hat USA 2015, Imperva released a report that explained a replacement sort of attack vector that permits cybercriminals to access data and documents stored in popular file synchronization services like Google Drive. Dubbed “man-in-the-cloud attacks,” hackers are ready to steal data, also as control access to users’ whole Drives and every one the documents inside.
The report warned that this is often an enormous risk factor for enterprises and consumers, especially since the MITC attacks don’t believe compromising credentials and that they don’t require malicious code or exploits. Instead, cybercriminals infiltrate end-user machines, steal synchronization tokens directly from the computer’s registry and place them on different devices. Google Drive doesn’t care which machine uses the token, as long as it’s authentic, so cybercriminals will have complete access to and control over the associated Drive.
MITC attacks also are incredibly difficult to detect even with cutting-edge cybersecurity systems, the report surmised. Hackers don’t need the web , and that they can infiltrate accounts by simply altering registry keys, so users won’t remember of the breach either. To further heighten the severity of MITC attacks, Imperva researchers wrote that when Google Drive accounts are compromised via a MITC attack, they need to be deleted them permanently , as there’s no thanks to remove the threat.
“We should be really worried about this,” Amichai Schulman, chief technology office at Imperva, told ZDNet. “Attackers are watching methods of being less detectable. But the truth is that it’s already happening.”
3. Cloudborne attack
Now, researchers say, bare-metal servers might not be fully erased before future use. The vulnerability, which they dubbed Cloudborne, is within the BMC – a privileged component wont to manage the server. Using the Intelligence Platform Management Interface (IPMI), admins can send commands to the server or modify/reinstall an OS without physical access to the machine.
Vulnerabilities within the BMC could allow any customer to go away a backdoor on the server. “It’s a fundamental gap within the cloud infrastructure, and it’s exaggerated in bare-metal cloud infrastructure,” says Bulygin. “The problem is that a customer – potentially a malicious customer – of a cloud service provider can have access to bare-metal instances,” on which they will modify firmware and infect future users of an equivalent machine with data theft, ransomware, and other threats.
Eclypsium conducted an experiment using IBM’s SoftLayer cloud server platform, which offers bare-metal instances in most of its 35 global data centers. The team initially chose SoftLayer due to its simplified logistics and hardware access, as they explain during a blog post. But researchers also noticed Softlayer used Supermicro hardware, which supported earlier research they knew as vulnerable.
Researchers bought access to a bare-metal server, verified it had been running the newest BMC firmware, and noted the merchandise chassis and serial numbers for future identification. They made a minor change – one bitflip inside a text comment that they had prepared – and created a further IPMI user, which they gave administrative access to the BMC channels.
They returned the server to IBM, which conducted the reclamation process, and were later ready to reacquire an equivalent server. While the new IPMI account was gone, their change to the BMC firmware remained. Researchers say this shows the BMC firmware wasn’t re-flashed during reclamation, which they assert makes it possible to implant malicious code into the firmware and steal data from future users.
Researchers also noticed the BMC logs were retained across provisioning, as was the basis password. Since the logs weren’t deleted, future customers could view the actions of previous server owners and attackers could use the basis password for future access.
4. Cloud cryptojacking
Cloud cryptojacking – hijacking cloud resources to mine for cryptocurrency – is currently the fastest-growing cybersecurity threat to the enterprise.
A recent Bitglass report found that nearly half organisations have malware in one among their cloud applications.
In particular, this year, cloud cryptojacking malware has become one among the most important threats to organisations. This malware sees cybercriminals regularly stealing processing power from devices and other resources so as to mine cryptocurrency.
The trend is showing no signs of slowing down anytime soon.
This is because the rising popularity and value of cryptocurrencies like Bitcoin and Monero have made large-scale cryptojacking a highly lucrative proposition.
As such, it should come as no surprise that hackers are targeting data centres and vulnerable websites which will help them boost their mining capabilities.
Today, cloud-based resources are typically the most focus for hackers looking to mine cryptocurrency. especially , infrastructure-as-a-service (IaaS) platforms are being targeted because they provide virtually infinite resources and an environment where attackers can operate under the radar and go largely undetected.
Learn CEH & Think like hacker
- What is Ethical Hacking? & Types of Hacking
- 5 Phases of Hacking
- 8 Most Common Types of Hacker Motivations
- What are different types of attacks on a system
- Scope and Limitations of Ethical Hacking
- TEN Different Types Of Hackers
- What is the Foot-printing?
- Top 12 steps for Footprinting Penetration Testing
- Different types of tools with Email Footprinting
- What is “Anonymizer” & Types of Anonymizers
- Top DNS Interrogation Tools
- What is SNMP Enumeration?
- Top vulnerability scanning tools
- Information Security of Threat
- Footprinting tools:
- What is Enumeration?
- Network Security Controls
- What is Identity and Access Management?
- OWASP high TEN web application security risks
- Password Attacks
- Defend Against Key loggers
- Defend Against Spyware
- Covering Tracks
- Covering Track on Networks
- Everything You Need To Know About Sniffing – Part 1
- Everything You Need To Know About Sniffing – Part 2
- Learn more about GPS Spyware & Apparatuses
- Introduction of USB Spyware and It’s types
- 10 Types of Identity Theft You Should Know About
- Concepts of Denial-of-Service Attack & Distributed Denial of Service Attack
- Most Effective Ways to Overcome Impersonation on the Social Networking Site’s Problem
- How Dynamic Host Configuration Protocol (DHCP) Works
- DHCP Request/Reply Messages
- DHCP Starvation Attack
- Rogue DHCP Server Attack
- IOS Switch Commands
- Web Server Concept
- Web Server Attacks
- Web Server Attack Tools
- Web Server Security Tools
- 6 Quick Methodology For Web Server Attack
- Learn Skills From Web Server Foot Printing / Banner Grabbing
- The 10 Secrets You Will Never Know About Cyber Security And Its Important?
- Ways To Learn Finding Default Content Of Web Server Effectively
- How will Social Engineering be in the Future
- Understand The Background Of Top 9 Challenges IT Leaders Will Face In 2020 Now
- Learning Good Ways To Protect Yourself From Identity Theft
- Anti-phishing Tools Guide
This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com