Our experts can help identify vulnerabilities and threats to keep your business secure.
Cloud Security: Common Attacks
With the global movement to cloud-based infrastructure, attack surfaces are moving to a cloud.
We’ve found cloud security articles often cover attack vectors and threats that are shared by both cloud and non-cloud environments, such as “Denial of service” or “Data theft.” There is a lot less information available about cloud-specific vulnerabilities.
This article goes through the most common cloud-specific vulnerabilities that we’ve encountered over the years. It explains what attacks are possible and the inherent risks organizations may face because of them. We’ll cover Amazon Web Services (AWS) and Microsoft Azure cloud services. However, most of these vulnerabilities can occur on any other similar cloud service.
We examine vulnerabilities and attacks based on:
- Insecure configurations in services like Amazon S3
- Subdomain takeovers exploiting “Dangling DNS” records (i.e., active subdomains that point toward a deprovisioned cloud service resource)
- Metadata Exposures and the Server-Side Request Forgeries (SSRF) that they enable
- SSRF vulnerabilities within serverless applications like AWS Lambda
- Dangers of excessive Identity and Access Management (IAM) privileges
Download the full research white paper to learn more.