+
Skip to main content
Springer Nature Link
Log in

Attack Vectors

  • Chapter
  • First Online:
Cloud Attack Vectors

  • 1575 Accesses

Abstract

The first step in establishing a secure cloud environment is understanding the threats it’s likely to encounter. The attack vectors that your environment will be subjected to will form the to-do list of the areas you need to secure first and foremost. This can seem like a daunting task, even for those who are well versed in the subject matter or particularly for those who are well versed in the immensity of the space. You need to avoid analysis paralysis, getting caught in a loop of trying to address everything at once. We’ll come back to that later in the book, but for now, the best advice we can give you is to look at the cybersecurity frameworks that exist; many intelligent people have thought about the attack surface and identified the attack vectors, so you don’t have to. Treat these as toolkits, guidelines, and, in some cases, gospel in understanding cloud attack vectors.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+
from $39.99 /Month
  • Starting from 10 chapters or articles per month
  • Access and download chapters and articles from more than 300k books and 2,500 journals
  • Cancel anytime
View plans

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 49.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 64.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Explore related subjects

Discover the latest articles, books and news in related subjects, suggested using machine learning.

Notes

  1. 1.

    www.techtarget.com/searchnetworking/definition/OSI

  2. 2.

    https://intellipaat.com/blog/tutorial/ethical-hacking-cyber-security-tutorial/sniffing-attacks/

  3. 3.

    https://www.veracode.com/security/spoofing-attack

  4. 4.

    https://www.imperva.com/learn/application-security/man-in-the-middle-attack-mitm/

  5. 5.

    https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos

  6. 6.

    https://owasp.org/www-community/attacks/Session_hijacking_attack

  7. 7.

    https://cybersecurityguide.org/resources/phishing/

  8. 8.

    www.techtarget.com/searchsecurity/definition/exploit

  9. 9.

    https://attack.mitre.org/

  10. 10.

    https://whatis.techtarget.com/definition/red-teaming

  11. 11.

    www.comparitech.com/blog/information-security/cybersecurity-vulnerability-statistics/

  12. 12.

    www.checkpoint.com/downloads/resources/cyber-security-report-2021.pdf

  13. 13.

    https://cve.mitre.org/

  14. 14.

    https://owasp.org/

  15. 15.

    https://cwe.mitre.org/

  16. 16.

    https://xkcd.com/327/

  17. 17.

    https://xkcd.com/327/

  18. 18.

    www.mcafee.com/enterprise/en-us/security-awareness/cloud/what-is-saas.html

  19. 19.

    https://www.coindesk.com/markets/2020/02/26/coindesk-explains-sim-jacking/

  20. 20.

    https://internetofbusiness.com/password-iot/

  21. 21.

    https://ermetic.com/blog/cloud/93-of-security-professionals-say-their-identity-breaches-could-have-been-prevented/

  22. 22.

    https://datacenterresources.com/articles/what-is-a-crash-cart/

  23. 23.

    www.proofpoint.com/us/threat-reference/watering-hole

  24. 24.

    https://slate.com/technology/2016/12/how-the-2011-hack-of-diginotar-changed-the-internets-infrastructure.html

  25. 25.

    https://cisomag.eccouncil.org/facebook-outage/

  26. 26.

    www.internetsociety.org/deploy360/tls/basics/

  27. 27.

    https://www.helpnetsecurity.com/2018/04/25/myetherwallet-dns-hijacking/

  28. 28.

    https://www.okta.com/identity-101/dns-poisoning/

  29. 29.

    https://www.crowdstrike.com/cybersecurity-101/ransomware/ransomware-as-a-service-raas/

  30. 30.

    https://www.nytimes.com/2020/09/18/world/europe/cyber-attack-germany-ransomeware-death.html

  31. 31.

    https://explore.group-ib.com/ransomware-reports/ransomware_uncovered_2020

  32. 32.

    www.beyondtrust.com/blog/entry/ransomware-a-problem-of-excesses-access-privileges-vulnerabilities

  33. 33.

    https://www.cisa.gov/uscert/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_WannaCry_Ransomware_S508C.pdf

  34. 34.

    www.hypr.com/notpetya/

  35. 35.

    https://www.codastory.com/authoritarian-tech/cryptojacking-at-a-ukrainian-nuclear-plant/

  36. 36.

    https://www.consumer.ftc.gov/articles/what-do-if-youre-billed-things-you-never-got-or-you-get-unordered-products

  37. 37.

    https://link.springer.com/book/10.1007/978-1-4842-5914-6

  38. 38.

    https://www.carbonblack.com/global-incident-response-threat-report/april-2019/

  39. 39.

    https://beincrypto.com/livecoin-closes-permanently-following-suspicious-hack/

  40. 40.

    https://explore.group-ib.com/ransomware-reports/ransomware_uncovered_2020

  41. 41.

    www.cisa.gov/uscert/ncas/alerts/AA19-168A

  42. 42.

    www.coresecurity.com/core-labs/articles/dejablue-vulnerabilities-windows-7-windows-10-cve-2019-1181-and-cve-2019-1182

  43. 43.

    https://nypost.com/2020/07/16/twitter-blames-coordinated-social-engineering-attack-for-hack/

  44. 44.

    www.cnn.com/2021/11/13/politics/fbi-fake-emails-cyber-threat/index.html

  45. 45.

    https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/

  46. 46.

    https://www.t-mobile.com/news/press/experian-data-breach-faq

  47. 47.

    https://resources.infosecinstitute.com/topic/android-malware-worm-auto-spreads-via-whatsapp-messages/

  48. 48.

    https://www.barrons.com/articles/the-solarwinds-hack-was-huge-jpmorgan-is-defending-the-stock-51610645288

  49. 49.

    https://www.zdnet.com/article/apple-fixes-another-three-ios-zero-days-exploited-in-the-wild/

Author information

Authors and Affiliations

  1. Lake Mary, FL, USA

    Morey J. Haber

  2. Basingstoke, Hampshire, UK

    Brian Chappell

  3. Gilbert, AZ, USA

    Christopher Hills

Authors
  1. Morey J. Haber
    View author publications

    Search author on:PubMed Google Scholar

  2. Brian Chappell
    View author publications

    Search author on:PubMed Google Scholar

  3. Christopher Hills
    View author publications

    Search author on:PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to APress Media, LLC, part of Springer Nature

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Haber, M.J., Chappell, B., Hills, C. (2022). Attack Vectors. In: Cloud Attack Vectors. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-8236-6_6

Download citation

Publish with us

Policies and ethics

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载