Cybercrime and Cloud Computing: Cloud Attack Vectors

Lesson 5 of 15 in the free Cyber Security notes on Siksha Sarovar, written by Rohit Jangra.

Cloud computing has fundamentally transformed how organizations store, process, and access data. The shift from on-premises infrastructure to cloud services — AWS, Azure, Google Cloud, and others — has introduced enormous operational benefits but also entirely new categories of cyber threats. Understanding how cybercrimes manifest in the cloud is essential for modern security professionals.

---

Cloud Computing Fundamentals

Cloud computing is the delivery of computing services (servers, storage, databases, networking, software, analytics, intelligence) over the internet on a pay-as-you-go basis.

Service Models and their Security Implications:

| Service Model | Full Name | Provider Manages | Customer Manages | Security Boundary | Example |
|---|---|---|---|---|---|
| IaaS | Infrastructure as a Service | Physical hardware, hypervisor | OS, apps, data, runtime | From OS upward | AWS EC2, Azure VMs |
| PaaS | Platform as a Service | Hardware, OS, runtime, middleware | Applications, data | Applications and data only | AWS Elastic Beanstalk, Heroku |
| SaaS | Software as a Service | Everything | Data configuration, user access | User access and data | Office 365, Salesforce, Gmail |
| FaaS | Function as a Service | Everything + execution environment | Code logic, data | Code logic | AWS Lambda, Azure Functions |

Deployment Models:

| Model | Description | Data Control | Cost | Risk Level |
|---|---|---|---|---|
| Public Cloud | Shared infrastructure by cloud provider | Low | Lowest | Medium (shared tenancy) |
| Private Cloud | Dedicated infrastructure for one org | High | High | Lower (isolated) |
| Hybrid Cloud | Mix of public and private | Medium | Medium | Varies |
| Community Cloud | Shared by organizations with common interests | Medium | Medium | Lower |

---

Cloud-Specific Threat Vectors

The ENISA (EU Agency for Cybersecurity) identifies cloud-specific threats distinct from traditional IT threats:

1. Data Breaches in the Cloud: The most significant cloud risk. Data stored centrally in the cloud represents a high-value target. Causes include:

  • Misconfigured storage buckets (S3 buckets set to public access) — responsible for billions of leaked records
  • Weak authentication on cloud APIs
  • Insufficient encryption of data at rest
  • Real Example: Capital One (2019) — misconfigured AWS firewall rule exposed 100M customer records

2. Misconfiguration and Inadequate Change Control: The ease of provisioning in the cloud leads to misconfiguration. Common misconfigurations:

  • Open firewall rules (port 22/SSH, port 3389/RDP exposed to internet)
  • Default credentials on cloud services
  • Over-permissive IAM roles (e.g., giving admin access instead of least privilege)
  • Unencrypted storage buckets exposed publicly
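The checks a CSPM tool runs for the misconfigurations listed in items 1 and 2 can be written as plain logic over the JSON that cloud APIs return. The block below is an added example, not code from Siksha Sarovar or from any CSPM product: it copies the JSON shapes of an S3 bucket policy, an EC2 security group and an IAM policy, but the bucket name, group id, CIDR ranges and policy contents are all constructed so the checks run offline without credentials.

```python
"""
CSPM-style misconfiguration checks, run offline against constructed inputs.
Added example for this lesson, not code from Siksha Sarovar. The documents
below copy the JSON shapes of an S3 bucket policy, an EC2 security group and
an IAM policy, but every value (bucket name, group id, CIDRs) is invented.
"""
import ipaddress
import json

# Constructed: a bucket policy that makes every object readable by anyone.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::example-customer-exports/*",
    }],
}

# Constructed: a security group with SSH open to the internet, RDP limited
# to an office range, and HTTPS public (which a web tier legitimately needs).
SECURITY_GROUP = {
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

# Constructed: the "just give it admin" role policy instead of least privilege.
IAM_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def _as_list(value):
    """IAM JSON allows either a string or a list in the same field."""
    return value if isinstance(value, list) else [value]


def check_bucket_policy(policy):
    """Flag Allow statements granted to everyone (Principal *) without a Condition."""
    findings = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        anonymous = principal == "*" or (
            isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))
        )
        if anonymous and "Condition" not in st:
            findings.append(f"public access: {_as_list(st.get('Action'))} for Principal *")
    return findings


def check_security_group(sg):
    """Flag admin ports (SSH/RDP) reachable from any IPv4 or IPv6 address."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        # IpProtocol "-1" (all traffic) carries no port fields: treat as 0-65535.
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        ranges = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        ranges += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in ranges:
            if ipaddress.ip_network(cidr).prefixlen != 0:
                continue  # not a "whole internet" range
            for port, name in ADMIN_PORTS.items():
                if lo <= port <= hi:
                    findings.append(f"{sg['GroupId']}: {name} (tcp/{port}) open to {cidr}")
    return findings


def check_iam_policy(policy):
    """Flag wildcard actions ('*' or 'service:*') granted on every resource."""
    findings = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        wildcard = [a for a in actions if a == "*" or a.endswith(":*")]
        if wildcard and "*" in resources:
            findings.append(f"over-permissive: {wildcard} on Resource *")
    return findings


def run_all_checks():
    """Run every check over the constructed inputs and group findings by service."""
    return {
        "s3": check_bucket_policy(BUCKET_POLICY),
        "ec2": check_security_group(SECURITY_GROUP),
        "iam": check_iam_policy(IAM_POLICY),
    }


if __name__ == "__main__":
    print(json.dumps(run_all_checks(), indent=2))
```

Running it reports three findings: the anonymous-read bucket policy, SSH on tcp/22 open to 0.0.0.0/0, and the `"Action": "*"` on `"Resource": "*"` statement. The HTTPS rule and the office-only RDP rule are not flagged, which is the point of encoding intent (which ports are admin ports, which ranges mean "the whole internet") rather than alerting on every public rule.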

3. Account Hijacking (Cloud IAM Compromise): Attackers gain access to cloud accounts through:

  • Phishing cloud administrator credentials
  • API key exposure in GitHub repositories (GitGuardian detects millions of exposed secrets annually)
  • Password reuse from breached credential databases
  • SIM swapping to defeat SMS-based MFA

| Attack Method | Target | Prevention | Detection | Impact |
|---|---|---|---|---|
| Credential Phishing | Admin passwords | MFA, security training | Login anomaly detection | Full account takeover |
| API Key Exposure | Service account keys | Secret scanning, vault | CSPM tools | Unauthorized resource usage |
| SIM Swap | SMS-based MFA | FIDO2 hardware keys | Carrier notifications | MFA bypass |
| Token Theft | OAuth/JWT tokens | Short token TTL, rotation | Token anomaly detection | Session hijacking |
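Two of the controls in the table, secret scanning (prevention for API key exposure) and login anomaly detection (detection for credential phishing), are small enough to show end to end. The block below is an added example, not Siksha Sarovar's code or GitGuardian's. The leaked-file sample uses the placeholder access key pair that AWS's own documentation uses (not a live credential), and the ConsoleLogin records copy CloudTrail's field names (`eventName`, `sourceIPAddress`, `additionalEventData.MFAUsed`, `responseElements.ConsoleLogin`) with invented users and addresses. The "known networks" baseline stands in for what a real detector would build from login history.

```python
"""
Secret scanning and console-login anomaly detection on constructed data.
Added example, not Siksha Sarovar's code. The key pair below is the
placeholder from AWS documentation, and the login events are invented.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed: a settings file accidentally pushed to a public repository.
LEAKED_CONFIG = """\
# deploy settings
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
DB_HOST=db.internal
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAexampleexampleexample
-----END RSA PRIVATE KEY-----
"""

SECRET_PATTERNS = {
    # AWS access key IDs are 20 chars starting AKIA (long-term) or ASIA (temporary).
    "aws_access_key_id": re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b"),
    # 40-char secret next to its variable name; anchoring on the name limits false positives.
    "aws_secret_access_key": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}


def scan_for_secrets(text):
    """Return (line_number, pattern_name) for every line matching a secret pattern."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                hits.append((lineno, name))
    return hits


def _login(user, ip, mfa_used, result):
    """Build a minimal CloudTrail-shaped ConsoleLogin record (constructed values)."""
    return {"eventName": "ConsoleLogin", "userIdentity": {"userName": user},
            "sourceIPAddress": ip, "additionalEventData": {"MFAUsed": mfa_used},
            "responseElements": {"ConsoleLogin": result}}


# Constructed event stream, oldest first: alice logs in normally; bob's
# account sees three failures and then a success without MFA from a new network.
LOGIN_EVENTS = (
    [_login("alice", "203.0.113.10", "Yes", "Success")]
    + [_login("bob", "198.51.100.7", "No", "Failure")] * 3
    + [_login("bob", "198.51.100.7", "No", "Success")]
)

# Constructed baseline: networks each user has historically logged in from.
KNOWN_NETWORKS = {"alice": {"203.0.113.0/24"}, "bob": {"203.0.113.0/24"}}


def detect_login_anomalies(events, known_networks, failure_threshold=3):
    """Return (user, reason) alerts for successful console logins that lack MFA,
    come from a network the user has never used, or follow a burst of failures."""
    alerts = []
    failures = defaultdict(int)
    for ev in events:
        if ev.get("eventName") != "ConsoleLogin":
            continue
        user = ev["userIdentity"].get("userName", "<unknown>")
        if ev.get("responseElements", {}).get("ConsoleLogin") != "Success":
            failures[user] += 1
            continue
        src = ipaddress.ip_address(ev["sourceIPAddress"])
        if ev.get("additionalEventData", {}).get("MFAUsed") != "Yes":
            alerts.append((user, "console login without MFA"))
        if not any(src in ipaddress.ip_network(n) for n in known_networks.get(user, ())):
            alerts.append((user, f"login from unseen source {src}"))
        if failures[user] >= failure_threshold:
            alerts.append((user, f"success after {failures[user]} failures "
                                 "(possible credential stuffing)"))
        failures[user] = 0  # a success resets the burst counter
    return alerts


if __name__ == "__main__":
    print("secrets:", scan_for_secrets(LEAKED_CONFIG))
    print("alerts:", detect_login_anomalies(LOGIN_EVENTS, KNOWN_NETWORKS))
```

The scanner flags lines 2, 3 and 5 of the constructed file; the detector raises nothing for alice and three alerts for bob (no MFA, unseen source network, success after three failures). A pre-commit hook running the first function is the cheapest point to stop key exposure; the second function is the shape of a CloudTrail-driven rule, where the baseline of known networks would come from the account's own login history rather than a hard-coded dict.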

4. VM Escape / Hypervisor Attacks: In IaaS, multiple virtual machines share the same physical hardware via a hypervisor. A VM escape attack occurs when malicious code in one VM breaks out of the isolation boundary the hypervisor enforces and accesses the hypervisor itself or other VMs on the same host:

  • Exploits vulnerabilities in the hypervisor software (VMware, KVM, Hyper-V)
  • Allows attacker to read memory from other VMs (cross-tenant attacks)
  • Mitigation: Hypervisor patching, hardware isolation (Intel TXT, AMD SEV)

5. Denial of Service Targeting Cloud Services: Cloud-hosted services are prime DDoS targets:

  • Volumetric attacks: Flood bandwidth with traffic (hundreds of Gbps)
  • Resource exhaustion: Drive cloud auto-scaling to its limits, generating enormous cost for the victim (called "Denial of Wallet")
  • Application-layer attacks: Target specific application endpoints
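"Denial of Wallet" is easiest to understand by putting numbers on it. The block below is an added example, not Siksha Sarovar's code: it simulates a reactive autoscaler minute by minute under a constructed traffic flood, once uncapped and once with a maximum instance count, and shows when a spend alarm would fire. The traffic figures, per-instance capacity and the 1 cent per instance-minute price are constructed for the illustration and are not any provider's real pricing.

```python
"""
"Denial of Wallet" simulation: a reactive autoscaler facing a traffic flood,
with and without a maximum-capacity cap and a spend alarm. Added example,
not Siksha Sarovar's code; traffic, capacity and cost (cents per
instance-minute) are constructed values, not any provider's prices.
"""


def simulate_autoscaling(load_per_minute, capacity_per_instance,
                         cents_per_instance_minute, max_instances=None, budget_cents=None):
    """Scale instances each minute to the observed load (ceiling division).
    Returns peak instance count, total spend, requests dropped because of the
    cap, and the minute index at which the spend alarm fired (None if never)."""
    peak = 0
    spend = 0
    dropped = 0
    alarm_minute = None
    for minute, load in enumerate(load_per_minute):
        needed = max(1, -(-load // capacity_per_instance))  # ceiling division
        if max_instances is not None:
            needed = min(needed, max_instances)
        peak = max(peak, needed)
        dropped += max(0, load - needed * capacity_per_instance)
        spend += needed * cents_per_instance_minute
        if budget_cents is not None and alarm_minute is None and spend >= budget_cents:
            alarm_minute = minute
    return {"peak_instances": peak, "spend_cents": spend,
            "dropped_requests": dropped, "alarm_minute": alarm_minute}


# Constructed traffic: 10 minutes of normal load, then a 20-minute flood.
NORMAL_RPM, FLOOD_RPM = 1_000, 500_000
TRAFFIC = [NORMAL_RPM] * 10 + [FLOOD_RPM] * 20
CAPACITY = 1_000   # requests per minute one instance can serve (constructed)
COST = 1           # constructed: 1 cent per instance-minute
BUDGET = 500       # alarm when cumulative spend reaches 500 cents


def compare_mitigations():
    """Uncapped scaling absorbs the flood but pays for every instance; a cap
    bounds spend at the price of dropped requests during the attack."""
    return {
        "uncapped": simulate_autoscaling(TRAFFIC, CAPACITY, COST, budget_cents=BUDGET),
        "capped_20": simulate_autoscaling(TRAFFIC, CAPACITY, COST,
                                          max_instances=20, budget_cents=BUDGET),
    }


if __name__ == "__main__":
    for name, result in compare_mitigations().items():
        print(name, result)
```

Uncapped, the scaler reaches 500 instances and the bill grows 500x faster than normal for as long as the flood lasts; the alarm fires in the first flood minute, but an alarm only helps if someone acts on it. Capped at 20 instances, spend stays bounded and the attack becomes an availability problem instead of a billing one, which is the trade-off a capacity cap makes explicit; rate limiting and edge DDoS protection are what keep the flood from reaching the scaler at all.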

6. Data Loss and Insecure Data Deletion

  • Accidental deletion of cloud data without backups
  • Provider insolvency or service shutdown
  • Inadequate data wiping when decommissioning cloud resources
  • In shared environments, data remnants may be accessible to subsequent tenants (though cloud providers use secure deletion practices)

---

Cloud Security Responsibility Model

The Shared Responsibility Model defines who is responsible for what security:

| Security Domain | Public Cloud Provider | Customer | Standard |
|---|---|---|---|
| Physical security | ✅ Provider | | SOC 2 Type II |
| Network infrastructure | ✅ Provider | Partially | ISO 27001 |
| Hypervisor/virtualization | ✅ Provider | | CSA STAR |
| OS patching | Shared (IaaS: customer) | ✅ IaaS customer | CIS Benchmarks |
| Application security | | ✅ Customer | OWASP Top 10 |
| Data encryption | Tools provided | ✅ Customer decides | FIPS 140-2 |
| Identity and access | Tools provided | ✅ Customer configures | NIST 800-63 |
| Compliance | Certified environments | ✅ Customer's responsibility | GDPR, HIPAA |

---

Study Deep: Cloud Security in Depth

  1. The "lift and shift" fallacy: Many organizations migrate on-premises workloads to cloud without redesigning for cloud security. On-premises security assumptions (e.g., "the firewall protects everything") don't hold in cloud. Cloud requires a fundamentally different security model — identity-centric, API-first, with network microsegmentation.
  2. Cloud misconfigurations are the #1 cloud breach cause: According to Gartner, through 2025, 99% of cloud security failures will be the customer's fault (misconfiguration, not provider breach). Tools like CSPM (Cloud Security Posture Management) — AWS Security Hub, Microsoft Defender for Cloud, Prisma Cloud — automatically scan for misconfigurations.
  3. Serverless creates new security challenges: Function-as-a-Service (FaaS) eliminates server management but introduces new risks: excessive permissions on Lambda functions, injection attacks through event data, dependency vulnerabilities in third-party libraries. Traditional security tools often cannot monitor serverless execution.
  4. Cloud forensics is challenging: When an incident occurs in the cloud, digital forensics becomes complicated. Virtual machines can be terminated (destroying evidence), logs may not be configured, and investigators may have limited access to underlying hardware. Cloud providers offer forensic-friendly services (CloudTrail, Azure Monitor) but customers must enable them proactively.
  5. Multi-cloud increases complexity: Most enterprises use multiple cloud providers. Each has different security controls, APIs, and compliance tools. Security teams must maintain expertise across AWS, Azure, and GCP simultaneously, and visibility tools must span all environments to prevent blind spots.

Exam Tip: Cloud security topics focus on: (1) Shared Responsibility Model (know what provider vs customer manages), (2) Data breach causes (misconfiguration is #1), (3) VM escape / hypervisor attacks (IaaS-specific), (4) Account hijacking via credential theft. The OWASP Cloud Top 10 risks are also exam-relevant.