Cloud Security Threats – Abuse and nefarious use of cloud services
This blog will look at the abuse and nefarious use of cloud services. This is one of the top threats identified by the Cloud Security Alliance in their recent white paper ‘The Treacherous Twelve – Cloud Computing Top Threats in 2016’, sponsored by HPE Security – Data Security, and available to download here.
One of the advantages of a cloud model is the ability to dynamically up and downscale resources as the business requires. However this same flexibility affords attackers a dynamic environment in which to create their attacks. It is relatively cheap to rent space from a cloud service provider (CSP) and to use the CPU power and network bandwidth to launch DDoS attacks, run malicious websites, or control botnets. The solution to this problem is not simple – an acceptable use policy can set down the rules, but due to the automation that is involved in provisioning new cloud instances, it is often too late before a CSP identifies a nefarious cloud instance.
Another problem related to the misuse of cloud services is cyber criminals taking advantage of the free trial period offered by some CSPs – we recently spoke with a service provider customer who had automated the provisioning of a free trial period, which in turn was being white-labeled and resold by a team of Chinese hackers!
Read the entire article here, Cloud Security Threats – Abuse and nefarious use of cloud services
via the fine folks at HP Enterprise.