Thursday, April 27, 2017

Week 7 Assignment

The focus of this week’s post will be Account Hijacking in the cloud environment. So what is Account Hijacking? An article by Digital Guardian describes it as “a process in which an individual or organization’s cloud account is stolen or hijacked by an attacker”. The stolen account information is later used to conduct malicious or unauthorized activity. The cloud environment is especially vulnerable to attacks of this sort because of the huge amount of data stored in one place and the multiple accounts sharing resources across the network.

An example of an Account Hijacking attack happened on April 20th, 2010, when cross-site scripting (XSS) was used to steal session IDs from Amazon Wireless customers. Session IDs are used to grant users access to their online accounts after they enter their password. It took the security team 12 hours to fix the bug after it was first brought to their attention.

Account hijacking attacks can damage an organization’s reputation and integrity when confidential data is leaked or lost, causing significant cost to businesses or their customers. Experts suggest the following steps to protect data in the cloud: strong authentication for cloud app users, backing up data in the event of data loss, restricting the IP addresses allowed to access cloud applications, multi-factor authentication, and encrypting data before it is sent to the cloud.
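To show how two of these steps limit what a stolen session ID is worth, here is a small server-side check, added as an illustration and not taken from either cited article. The `Session` fields, the allowlisted networks and the `check_request` name are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed allowlist: networks permitted to reach the cloud application.
ALLOWED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("203.0.113.0/24", "198.51.100.0/25")]


@dataclass
class Session:
    session_id: str
    user: str
    issued_ip: str      # address the user logged in from
    mfa_verified: bool  # True once the second factor has been checked


def check_request(session: Session, source_ip: str) -> str:
    """Decide how to treat a request that presents a valid session ID.

    deny    - source address is malformed or outside the allowlist
    step_up - MFA was never completed, or the ID is being presented from
              a different address than the one it was issued to
    allow   - allowlisted address, same as at login, MFA completed
    """
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return "deny"
    if not any(addr in net for net in ALLOWED_NETWORKS):
        return "deny"
    if not session.mfa_verified:
        return "step_up"
    if addr != ipaddress.ip_address(session.issued_ip):
        # A session ID alone is not enough: ask for the second factor again.
        return "step_up"
    return "allow"


def demo():
    s = Session("constructed-session-id", "alice", "203.0.113.10", True)
    return [
        check_request(s, "203.0.113.10"),  # the legitimate browser
        check_request(s, "203.0.113.77"),  # same ID from another allowed host
        check_request(s, "192.0.2.50"),    # same ID from outside the allowlist
    ]


if __name__ == "__main__":
    print(demo())
```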

Resources:
Lord, N., (2015, September 28), What is Cloud Account Hijacking?, retrieved from https://digitalguardian.com/blog/what-cloud-account-hijacking

Goodin, D., (2010, April 20), Amazon purges account hijacking threat from site, retrieved from http://www.theregister.co.uk/2010/04/20/amazon_website_treat/

Wednesday, April 19, 2017

Week 6 Assignment

For this week’s post I am going to look at shared technology vulnerabilities as a security concern in cloud computing.
Cloud providers deliver services by sharing infrastructure, platforms and applications. One of the essential characteristics of the cloud is resource pooling – resources that are used to provide the cloud service are realized using a homogeneous infrastructure that is shared between all service users. The underlying components of the infrastructure supporting the cloud may not have been designed with the strong isolation properties that are needed for IaaS, PaaS and SaaS. This can lead to shared technology vulnerabilities that can be exploited in all service models. The impact of a compromised piece of shared technology can be devastating and potentially affect the entire cloud. Because resource pooling enables several customers to share certain network infrastructure components, vulnerabilities in a DNS server, DHCP and IP protocols might cause a network-based cross-tenant attack.

To mitigate the risks of shared technology vulnerabilities, multifactor authentication should be implemented on all hosts, along with a Host-based Intrusion Detection System (HIDS) and a Network-based Intrusion Detection System (NIDS). A defense-in-depth strategy can be used for security enforcement and monitoring. Another point to mention is the partnership between the cloud provider and the customer – the security of the cloud is a shared responsibility and both sides need to take preventative actions to protect the infrastructure, services and data.

Resources:
The Treacherous 12 Cloud Computing Top Threats in 2016, (February 2016), prepared by the Cloud Security Alliance, retrieved from https://downloads.cloudsecurityalliance.org/assets/research/top-threats/Treacherous-12_Cloud-Computing_Top-Threats.pdf
Grobauer, B., Walloscheck, T., Stöcker, E., (2011, August 15), Understanding Cloud Computing Vulnerabilities, retrieved from https://www.infoq.com/articles/ieee-cloud-computing-vulnerabilities
Ma, Joy, (2015, December 14), Top 10 Security Concerns for Cloud-Based Services, retrieved from https://www.incapsula.com/blog/top-10-cloud-security-concerns.html

Wednesday, April 12, 2017

Week 5 Assignment

One of the serious concerns when it comes to cloud computing security is the malicious insider threat. According to CERT, a malicious insider is a “current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization’s information or information systems.”
Malicious insiders can have an increasing level of access to critical systems from IaaS to PaaS and SaaS, but despite the concern, cloud computing use continues to grow. There are three types of cloud-related insider threats:
  • Rogue Administrator – This administrator is employed by the cloud provider, and the motivation behind the attack is often financial, resulting in theft of sensitive information and loss of confidentiality and integrity.
  • Insider within the Organization, who exploits vulnerabilities exposed by the use of cloud services. This is often enabled by the differences in security policies or access control between the cloud provider and the organization.
  • Insider who uses cloud services to carry out an attack on his own employer. The difference here is that the insider uses the cloud as a tool to attack targeted systems or data that are not necessarily associated with the cloud-based systems.

There are some countermeasures that both organizations and providers should consider. On the client side, IDS/IPS mechanisms may be implemented along with cryptographic techniques to protect the confidentiality and integrity of the data. Some steps that the provider can take to minimize the risk of an insider threat are: separation of duties, logging user and administrator actions, legal bindings, insider detection models, anomaly detection, and multi-factor authentication.
Cloud computing offers business efficiency improvement but also provides new possibilities for insider attacks. In order to protect themselves, organizations need to be aware of the vulnerabilities related to cloud computing services and the availability they provide to employees.

Resources:
Claycomb, William & Nicoll, Alex, (n.d.), Insider Threats to Cloud Computing: Directions for New Research Challenges, retrieved from http://resources.sei.cmu.edu/asset_files/WhitePaper/2012_019_001_52385.pdf

Miltiadis Kandias, Nikos Virvilis, Dimitris Gritzalis, (2011), The Insider Threat in Cloud Computing, retrieved from https://www.infosec.aueb.gr/Publications/CRITISCloud%20Insider.pdf

Tuesday, April 4, 2017

Week 4 Assignment

For this week’s blog post I found an article named “How Outbound Spam Affects Cloud Hosting Providers” and decided to share its summary on my blog.
Traditional spam usually originates from “botnets” of compromised personal computers. The emergence of cloud hosting services, however, provides a powerful and easy-to-use new platform for spammers to take advantage of. Clients can rent a given unit of CPU, hard disk and network resources at an hourly or monthly rate. Spammers use a stolen credit card to rent some of the provider’s hosting infrastructure. Then they install spamming software on the cloud machine and start sending out spam. The cloud infrastructure is up and running 24/7, compared to compromised PCs that are usually turned off at night, giving attackers the opportunity to generate millions of messages a day. Cloud providers also offer static IP addresses (considered more reliable by email receivers), great bandwidth and a flexible and easy-to-use OS.
Sometimes it takes 6-8 weeks for the owner of the stolen credit card to find out about the fraud and report it to the credit card company and request a chargeback. According to the article “the chargeback costs the cloud hosting provider anywhere from $50 to $100 or more. Credit card issuers can also require a holdback if fraud rates become particularly high; and this holdback amount can cripple the hosting provider by tying up valuable cash resources essentially on a permanent basis.” 

The conclusion – attackers will always try to abuse any system vulnerabilities, and the risk of spam in the cloud environment can be minimized by implementing a real-time transparent outbound anti-spam filtering solution. Any delays can cost the cloud provider not only money but also their reputation.
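As a simplified picture of what real-time outbound filtering does on the provider side, the following example (added here, not from the MailChannels article) applies a per-tenant sliding-window rate limit to a constructed mail log. The log format, tenant names and limits are assumptions; accounts younger than 8 weeks get the stricter limit because, as noted above, card fraud can take 6-8 weeks to surface.

```python
import re
from collections import defaultdict, deque

WINDOW = 3600             # sliding window in seconds (assumed)
LIMIT_ESTABLISHED = 1000  # messages per window for older accounts (assumed)
LIMIT_NEW = 100           # messages per window for new accounts (assumed)
FRAUD_WINDOW_DAYS = 56    # 8 weeks, upper end of the 6-8 week chargeback delay

# Constructed log format: "<epoch> tenant=<id> age_days=<n> rcpt=<address>"
LINE = re.compile(
    r"^(?P<ts>\d+) tenant=(?P<tenant>\S+) age_days=(?P<age>\d+) rcpt=(?P<rcpt>\S+)$")


class OutboundFilter:
    def __init__(self):
        self.sent = defaultdict(deque)  # tenant -> timestamps of delivered mail
        self.flagged = set()            # tenants held for manual review

    def decide(self, line: str) -> str:
        m = LINE.match(line.strip())
        if m is None:
            return "reject"             # unparseable record, fail closed
        ts, tenant, age = int(m["ts"]), m["tenant"], int(m["age"])
        if tenant in self.flagged:
            return "hold"               # stays held until someone reviews it
        window = self.sent[tenant]
        while window and window[0] <= ts - WINDOW:
            window.popleft()            # drop timestamps outside the window
        limit = LIMIT_NEW if age < FRAUD_WINDOW_DAYS else LIMIT_ESTABLISHED
        if len(window) >= limit:
            self.flagged.add(tenant)
            return "hold"
        window.append(ts)
        return "deliver"


def run_sample():
    """Constructed traffic: a 2-day-old and a 400-day-old tenant each send
    150 messages in 150 seconds."""
    f = OutboundFilter()
    counts = defaultdict(lambda: defaultdict(int))
    for i in range(150):
        for tenant, age in (("t-new", 2), ("t-old", 400)):
            line = f"{1000 + i} tenant={tenant} age_days={age} rcpt=u{i}@example.com"
            counts[tenant][f.decide(line)] += 1
    return {t: dict(c) for t, c in counts.items()}, sorted(f.flagged)


if __name__ == "__main__":
    print(run_sample())
```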

Resources:
How Outbound Spam Affects Cloud Hosting Providers (n.d.). Retrieved from: http://www.mailchannels.com/outbound-spam-filtering/how-outbound-spam-affects-cloud-hosting-providers/