Cloud as an Attack Platform
Moitrayee Chatterjee, Prerit Datta, Faranak Abri, Akbar Siami, Namin, Keith S. Jones
TL;DR
This study explores how security professionals and hackers misuse cloud platforms for attacks, revealing that nearly 94% of responses involved abusing cloud services to set up attack environments.
Contribution
It provides insights into attacker mental models and highlights the prevalent abuse of cloud platforms for malicious purposes, informing security defenses.
Findings
93.78% of responses involved cloud abuse for attack setup
Participants' responses reveal common attack scenarios and methods
Insights can improve security controls against cloud-based attacks
Abstract
We present an exploratory study of responses from security professionals and ethical hackers in order to understand how they abuse cloud platforms for attack purposes. The participants were recruited at the Black Hat and DEF CON conferences. We presented the participants' with various attack scenarios and asked them to explain the steps they would have carried out for launching the attack in each scenario. Participants' responses were studied to understand attackers' mental models, which would improve our understanding of necessary security controls and recommendations regarding precautionary actions to circumvent the exploitation of clouds for malicious activities. We observed that in 93.78% of the responses, participants are abusing cloud services to establish their attack environment and launch attacks.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsInformation and Cyber Security · Cloud Data Security Solutions · Network Security and Intrusion Detection