Cloud Malware Injection Attacks
Many types of cyber-attacks happen in a cloud environment, but today's focus is malware injection attacks. During this attack, the goal is to access user information in the cloud. By infecting SaaS, PaaS, or IaaS, hackers can relay requests to compromised modules and execute malicious lines of code. The malicious code can either steal data or eavesdrop on users. Malware injection attacks via “cross-site scripting attacks and SQL injection attacks” (Katrenko, 2020) are most common.
Cross-site scripting attacks abuse susceptible web pages by injecting corrupted scripts into plugins like Flash and JavaScript. German researchers conducted one such attack in 2011 against Amazon Web Services. The Horst Goertz Institute researchers found and exploited a weakness in Amazon’s signature validation process. The vulnerability was found “in the WS-Security protocol and enable[d] attackers to trick servers into authorizing digitally signed SOAP messages that [had] been altered” (Constantin, 2011).
The researchers succeeded in performing a wrapping attack. A wrapping attack inserts elements into a message's structure so that the signature still validates while covering for the attacker's illegitimate service request, tricking the cloud into treating the attacker as a valid operator. After tricking the software into authenticating them, the researchers could execute administrative tasks like deleting and creating customer data.
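The check that defeats this class of message, as an added example (not the researchers' or Amazon's code): the verifier must confirm that the element the signature covers is the same element the service executes. The digest here is a simplified stand-in for real XML Signature processing, and the operation names, `Wrapper` element and function names are all constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
NS = {"s": SOAP}

def digest(elem):
    # Stand-in for XML canonicalization plus digest (assumption, simplified)
    return hashlib.sha256(ET.tostring(elem)).hexdigest()

def make_signed():
    # Constructed sample: a request whose Body is covered by the signature reference
    env = ET.Element(f"{{{SOAP}}}Envelope")
    hdr = ET.SubElement(env, f"{{{SOAP}}}Header")
    ref = ET.SubElement(ET.SubElement(hdr, "Signature"), "Reference", URI="#body-1")
    body = ET.SubElement(env, f"{{{SOAP}}}Body", Id="body-1")
    ET.SubElement(body, "GetStatus")
    ET.SubElement(ref, "DigestValue").text = digest(body)
    return env

def make_wrapped():
    # Constructed sample: signed Body relocated under the Header, new unsigned Body added
    env = make_signed()
    hdr, body = env[0], env[1]
    env.remove(body)
    ET.SubElement(hdr, "Wrapper").append(body)
    ET.SubElement(ET.SubElement(env, f"{{{SOAP}}}Body", Id="body-2"), "DeleteRecords")
    return env

def resolve(env):
    # Elements matching the Reference URI anywhere in the tree, plus the expected digest
    target = env.find(".//Reference").get("URI")[1:]
    return [e for e in env.iter() if e.get("Id") == target], env.find(".//DigestValue").text

def operation(env):
    # What the service logic would execute: first child of the Envelope's own Body
    return env.find("s:Body", NS)[0].tag

def naive_accept(env):
    # Flawed: checks the digest of whatever carries the Id, wherever it sits
    matches, expected = resolve(env)
    return bool(matches) and digest(matches[0]) == expected

def strict_accept(env):
    # Hardened: the Id is unique and the verified element is the Body being executed
    matches, expected = resolve(env)
    body = env.find("s:Body", NS)
    return len(matches) == 1 and matches[0] is body and digest(body) == expected

if __name__ == "__main__":
    for name, env in (("signed", make_signed()), ("wrapped", make_wrapped())):
        print(name, operation(env), naive_accept(env), strict_accept(env))
```

The naive check accepts the wrapped message even though the operation that would run was never signed; the strict check rejects it because the signed element is not the Body being processed.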
The researchers not only could perform administrative tasks but also had access to sensitive information. Customer files such as “authentication data, tokens, and even plain text passwords” (Constantin, 2011) were exposed. The breach put thousands of customers at risk of having their personally identifiable information sold on the dark web.
Amazon quickly responded to the breach and performed an extensive investigation to find vulnerabilities in their platform. They found that the issue also impacted any vendor using the Amazon cloud service. One such platform found to be compromised along with Amazon was Eucalyptus, “an open-source solution commonly used for private cloud computing infrastructure” (Constantin, 2011).
Another type of malware injection attack in a cloud environment is SQL injection. During these attacks, exposed database applications in SQL servers are the target. In 2008, visitors of the Sony PlayStation website were at risk of malware infection from such an attack.
Hackers injected malicious code onto pages on the PlayStation website using JavaScript to target unprotected coding. When users navigated to the compromised pages to view promoted game products, cybercriminals would run a “fake anti-virus scan and display[ed] a bogus message that their computer [was] infected with a variety of different viruses and Trojan horses” (Sophos, 2008). The fake security dialogue box prompted the user to click on a link that would redirect them to a fake security product that would “fix” the issue due to insufficient protection and get them to enter their credit card information.
The hackers would later tweak the payload to make it nastier. In addition to tricking users into entering their financial information, code installed on the user’s device would “turn Windows PCs into a botnet to harvest confidential information from [other] users” (Sophos, 2008). The update to the code was especially insidious because of the reach it would have on the millions of users who navigate the website every day.
Exposed webpages like these with high levels of traffic are prime targets for cybercriminals bent on launching distributed denial-of-service attacks and spam messages. Malcode thrives in unsecured SQL databases and works alongside other malicious content to pull code from dark websites to add to their botnet. The threat to cloud environments grows as the attacks become more automated. For protection, users should patch their systems with the most recent updates, steer clear of websites known to be compromised, not use plugins like Flash, and not click on popups regardless of their perceived intention.
References
Constantin, L. (2011, October 27). Researchers demo cloud security issue with Amazon AWS attack. Retrieved from www.pcworld.idg.com: https://www.pcworld.idg.com.au/article/405419/researchers_demo_cloud_security_issue_amazon_aws_attack/
Katrenko, A. (2020, February 26). Cloud Computing Attacks: A New Vector for Cyber Attacks. Retrieved from www.apriorit.com: https://www.apriorit.com/dev-blog/523-cloud-computing-cyber-attacks
Sophos. (2008, July 3). Visitors to Sony PlayStation website at risk of malware infection. Retrieved from www.sophos.com: https://www.sophos.com/en-us/press-office/press-releases/2008/07/playstation