Abstract
Security has a ubiquitous influence on cloud services. As technology advances, attacks continue to grow in strength and volume. In response, security experts have extended defensive perimeters, enhanced malware protection and upgraded the countermeasures used to detect malicious activity. However, weak identity and access management systems and destabilized privilege systems have created loopholes in cloud security, resulting in abnormal developments involving unsecured credentials and vulnerable applications. Organizations that do not focus on the importance of secure credentials are at greater risk. Credentials (passwords) are considered the easiest and cheapest security measure, but they are more susceptible to theft. Organizations may internally use technologies to protect credentials, applying new policies that use exclusive username and password credentials, which may protect their cloud accounts. Despite this, valuable cloud information in data stores that are accessed remotely through virtual logins to an organization leads to attack issues and challenges. Thus, a credential attack is the major root cause of other attacks. The objective of this research study is to revisit the concept of the credential attack and its emerging root causes. The focal point is to present a broad overview of the credential attack, which is intensifying as a vital security aspect in the cloud. The paper aims to reconsider the prior literature and highlight conclusive findings for prospective research in the interrelated sphere of influence, based on published reports and industry/organization work.
© 2021 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Singh, V., Pandey, S.K. (2021). Revisiting Cloud Security Attacks: Credential Attack. In: Rathore, V.S., Dey, N., Piuri, V., Babo, R., Polkowski, Z., Tavares, J.M.R.S. (eds) Rising Threats in Expert Applications and Solutions. Advances in Intelligent Systems and Computing, vol 1187. Springer, Singapore. https://doi.org/10.1007/978-981-15-6014-9_39
DOI: https://doi.org/10.1007/978-981-15-6014-9_39
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-6013-2
Online ISBN: 978-981-15-6014-9
eBook Packages: Intelligent Technologies and Robotics (R0)