Infosec pros and hackers regularly abuse cloud service providers to conduct reconnaissance and attacks, despite efforts by cloud providers to limit such activity. In a recent research paper titled “Cloud as an Attack Platform”, five boffins from Texas Tech University – Moitrayee Chatterjee, Prerit Datta, Faranak Abri, Akbar Siami-Namin, and Keith Jones – describe a series of interviews they conducted with computer security pros attending the Black Hat and DEF CON conferences. Of the 75 security professionals and hackers they spoke with as a part of a larger examination of attacker psychology, more than 93 per cent admitted to abusing cloud services to create attack environments and launch attacks.
Professional hackers mostly deploy common strategies for abusing a cloud platform by targetting its resource-efficient features to remain silent (yet stealthy) while probing a target device, discovering vulnerabilities, collecting victim data, and launching attacks.
Interestingly, those using cloud providers for offensive operations have an identical pattern. They communicate with VMs (Virtual Machines) securely by setting up a VPS (Virtual Private Server) or a multi-hop VPN (Virtual Private Network and then load VMs cybersecurity tools like Metasploit, NMap, and Wireshark to conduct offensive acts.
Although IaaS (infrastructure-as-a-service) providers try avoiding this through Virtual Machine network quotas or tools built for securing accounts like Amazon Inspector and AWS GuardDuty. Still, infosec professionals can find their way around platform limitations.
So, cloud providers need to deal with all this abuse more effectively. One way to achieve that is to deploy better client identity verification via background checks. The availability of sites providing fake credit card numbers makes it effortless to create cloud accounts anonymously.
The use of cloud service providers to conduct white hat reconnaissance and attacks indicate the need for increased monitoring by cloud service providers to detect such use by both the good and the bad guys. However, cloud service providers are walking a tightrope, as increased vigilance could negatively impact the usability of these services, perhaps having a negative impact on customer retention.