Expert Comments

Expert Comments On Nine Out Of Ten ‘Ethical’ Hackers Abuse Cloud Service Providers

Expert(s): Security Experts
Expert(s): Security Experts

Infosec pros and hackers regularly abuse cloud service providers to conduct reconnaissance and attacks, despite efforts by cloud providers to limit such activity. In a recent research paper titled “Cloud as an Attack Platform”, five boffins from Texas Tech University – Moitrayee Chatterjee, Prerit Datta, Faranak Abri, Akbar Siami-Namin, and Keith Jones – describe a series of interviews they conducted with computer security pros attending the Black Hat and DEF CON conferences. Of the 75 security professionals and hackers they spoke with as a part of a larger examination of attacker psychology, more than 93 per cent admitted to abusing cloud services to create attack environments and launch attacks.

Experts Comments

October 10, 2020
Ali Qamar
Founder and Consumer Security Expert
PrivacySavvy
Professional hackers mostly deploy common strategies for abusing a cloud platform by targetting its resource-efficient features to remain silent (yet stealthy) while probing a target device, discovering vulnerabilities, collecting victim data, and launching attacks. Interestingly, those using cloud providers for offensive operations have an identical pattern. They communicate with VMs (Virtual Machines) securely by setting up a VPS (Virtual Private Server) or a multi-hop VPN (Virtual Private .....Read More
Professional hackers mostly deploy common strategies for abusing a cloud platform by targetting its resource-efficient features to remain silent (yet stealthy) while probing a target device, discovering vulnerabilities, collecting victim data, and launching attacks. Interestingly, those using cloud providers for offensive operations have an identical pattern. They communicate with VMs (Virtual Machines) securely by setting up a VPS (Virtual Private Server) or a multi-hop VPN (Virtual Private Network and then load VMs cybersecurity tools like Metasploit, NMap, and Wireshark to conduct offensive acts. Although IaaS (infrastructure-as-a-service) providers try avoiding this through Virtual Machine network quotas or tools built for securing accounts like Amazon Inspector and AWS GuardDuty. Still, infosec professionals can find their way around platform limitations. So, cloud providers need to deal with all this abuse more effectively. One way to achieve that is to deploy better client identity verification via background checks. The availability of sites providing fake credit card numbers makes it effortless to create cloud accounts anonymously.  Read Less
June 18, 2020
Chris Hauk
Consumer Privacy Champion
Pixel Privacy
The use of cloud service providers to conduct white hat reconnaissance and attacks indicate the need for increased monitoring by cloud service providers to detect such use by both the good and the bad guys. However, cloud service providers are walking a tightrope, as increased vigilance could negatively impact the usability of these services, perhaps having a negative impact on customer retention.

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

iPhone Bug Identified by Researcher, Patch Now Advised by Expert

Security Expert Re: New NIST Application Security Requirements – One...

Critical Flaw in vCenter Server Could Give Hackers Infrastructure Access

Malicious URLS Slipping Past Security Vendors, Experts Weigh In

Expert Comment: VMware Vulnerabilities Ripe For Exploitation

Comment: CISA, FBI, And NSA Release Joint Cybersecurity Advisory On Conti Ransomware

Google And Facebook For Failing To Tackle Online Fraud

MoD Shares Afghanistan Interpreter’s Emails & PII

APP Fraud Is A Simple Yet Extremely

U.S. Targets Crypto-Ransomware Payments with Sanctions, Cybersecurity Experts Weigh In

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy