Infosec pros and hackers regularly abuse cloud service providers to conduct reconnaissance and attacks, despite efforts by cloud providers to limit such activity.
In a recent research paper titled “Cloud as an Attack Platform”, five boffins from Texas Tech University – Moitrayee Chatterjee, Prerit Datta, Faranak Abri, Akbar Siami-Namin, and Keith Jones – describe a series of interviews they conducted with computer security pros attending the Black Hat and DEF CON conferences.
Of the 75 security professionals and hackers they spoke with as a part of a larger examination of attacker psychology, more than 93 per cent admitted to abusing cloud services to create attack environments and launch attacks.
“We observed that these professional hackers often employ common strategies to abuse the cloud platform for its resource-efficient features in order to remain stealthy and silent while probing target machines, collecting victim data, discovering vulnerabilities, and launching attacks,” the paper explains.
Source: The Register