Revisiting Cloud Security Attacks: Credential Attack

  • Conference paper

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1187)

Abstract

Security has a ubiquitous influence on cloud services. As technology advances, attacks continue to grow in sophistication and volume. In response, security experts have expanded defensive perimeters, enhanced malware protection and upgraded the countermeasures used to detect malicious activity. However, weak identity and access management and unstable privilege systems have created loopholes in cloud security, resulting in abnormal developments involving unsecured credentials and vulnerable applications. Organizations that do not focus on the importance of secure credentials are at greater risk. Credentials (passwords) are considered the easiest and cheapest security measure but are more susceptible to theft. Internally, organizations might use technologies to protect credentials by applying new policies that require exclusive username and password credentials, which may protect their cloud accounts. In spite of this, valuable cloud information in data stores that are accessed remotely through virtual logins to an organization gives rise to attack issues and challenges. Thus, a credential attack is the major root cause of other attacks. The objective of this research study is to revisit the concept of the credential attack and its emerging root causes. The focus is to present a broad overview of the credential attack, which is intensifying as a vital security aspect in the cloud. The paper aims to reconsider the prior literature and to highlight conclusive findings for prospective research in related areas, based on published reports and industry/organization work.

Author information

Correspondence to Vaishali Singh.

Copyright information

© 2021 Springer Nature Singapore Pte Ltd.

Cite this paper

Singh, V., Pandey, S.K. (2021). Revisiting Cloud Security Attacks: Credential Attack. In: Rathore, V.S., Dey, N., Piuri, V., Babo, R., Polkowski, Z., Tavares, J.M.R.S. (eds) Rising Threats in Expert Applications and Solutions. Advances in Intelligent Systems and Computing, vol 1187. Springer, Singapore. https://doi.org/10.1007/978-981-15-6014-9_39
