Cloud as an Attack Platform
This research addresses the problem of cloud security vulnerabilities for cybersecurity professionals, though it is incremental as it builds on existing knowledge of attack methods.
The study investigated how security professionals and ethical hackers abuse cloud platforms for attacks, finding that 93.78% of responses involved using cloud services to establish attack environments and launch attacks.
We present an exploratory study of responses from $75$ security professionals and ethical hackers in order to understand how they abuse cloud platforms for attack purposes. The participants were recruited at the Black Hat and DEF CON conferences. We presented the participants' with various attack scenarios and asked them to explain the steps they would have carried out for launching the attack in each scenario. Participants' responses were studied to understand attackers' mental models, which would improve our understanding of necessary security controls and recommendations regarding precautionary actions to circumvent the exploitation of clouds for malicious activities. We observed that in 93.78% of the responses, participants are abusing cloud services to establish their attack environment and launch attacks.