Sunday, January 24, 2021
  • Calling [Compiled] Swift from R: Part 2
  • 2020 Data Breaches Point to Cybersecurity Trends for 2021
  • SwiftR Switcheroo: Calling [Compiled] Swift from R!
  • DEF CON 28 Safe Mode IoT Village – Netspooky’s ‘Hella Booters, Why IoT Botnets Aren’t Going Anywhere’
  • Requiescat In Pacem, Henry Louis (Hank) Aaron 1934 – 2021

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Cloud Security Malware Security Bloggers Network 

Home » Cybersecurity » Cloud Security » Malware in the Cloud: What You Need to Know

Malware in the Cloud: What You Need to Know

by Tripwire Guest Authors on September 25, 2018

Cloud security is not as simple as it may seem. Businesses have a shared security responsibility with cloud service providers, but some lack the knowledge to keep up their share of the bargain. Poor configuration and data leaks are common problems that many businesses encounter in the cloud. These issues can lead to malware infecting your cloud computing environment.

Here are a few of the different types of malware that can disrupt your cloud services.

DDoS Attacks

Botnets are becoming more and more common, with malware-as-a-service being offered by more malicious actors at an increasingly cheap price. Self-service cloud offerings allow these attackers to easily gain access and notoriety by launching large-scale DDoS attacks, which have been measured at speeds of up to 30 Gbps. Since cloud computing hosts multiple customers in a single cloud, these attacks can affect your cloud environment, as well.

Hypercall Attacks

An attacker uses a Virtual Machine (VM) to intrude the victim’s VM by exploiting the Virtual Machine Manager (VMM) hypercall handler. This gives the attacker the ability to access VMM privileges and possibly even execute malicious code.

Hypervisor DoS

This attack uses a high percentage of your hypervisor’s resources in order to leverage flaws in design or setup. Researchers found that this malware accounted for 70 percent of malware attacks targeting cloud providers’ hypervisor, which manages customers’ virtual environments. One study found that 71.2 percent of all Xen and 65.8 percent of all KVM vulnerabilities could be exploited by a guest VM. For the sake of context, AWS uses Xen for its hypervisor, and Google uses a proprietary version of KVM.

Co-Location

An attacker tries to find the target VM’s host in order to place their own VM on the same host. This is used to gain leverage in cross-VM side-channel attacks, such (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/cloud/malware-cloud/

September 25, 2018September 25, 2018 Tripwire Guest Authors Cloud, Malware, security
  • ← Death, Taxes and Compliance Updates – An Update to NIST 800-171
  • Life (Insurance) and Privacy →

TechStrong TV – Live

Watch latest episodes and shows
Featured Blog

Eric Kedrosky

The Future of Multi-Cloud Security: A Look Ahead at Intelligent Cloud Security Posture Management Solutions

Pam Sornson, JD – Contributed Writer

IAM Best Practices For DevOps

Eric Kedrosky

Identity Risk: Identifying a Misconfigured IAM Trust Policy

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

How Utilities Can Mitigate Cyberthreats
Stealthbits Adds Data Privacy Engine
3 Cybersecurity Challenges for Remotely Operating Critical Systems
Trump Hates Cloud, Because China Cyber?
FBI to Investigate Parler, New Russian Host will be Revoked
What Were BullPhish ID’s Top Phishing Scams of 2020?
Insider Threats Are on the Rise and Growing More Costly. You Need the Right Tools to Detect Them
5 Ways SOAR Improves The Role of DFIR in Cyber Security
Using Social Media OSINT to Determine Actor Locations
New Reolink P2P Vulnerabilities Show IoT Security Camera Risks

Upcoming Webinars

Mon 25

Security Challenges and Opportunities of Remote Work

January 25 @ 1:00 pm - 2:00 pm
Tue 26

Preventing Code Tampering & Verifying Integrity Across Your SDLC

January 26 @ 1:00 pm - 2:00 pm
Thu 28

Protecting Cloud-Native Apps and APIs in Kubernetes Environments

January 28 @ 1:00 pm - 2:00 pm
Feb 03

Too Close to the Sun(burst): A Supply Chain Compromise

February 3 @ 11:00 am - 12:00 pm
Feb 04

Lessons from the FinTech Trenches: Securing APIs at Finastra

February 4 @ 3:00 pm - 4:00 pm
Feb 09

How 2020’s Top 5 Attacks Reveal the Coming Cyberthreats in 2021

February 9 @ 1:00 pm - 2:00 pm
Feb 10

Finding Vulnerabilities in Your Cloud Native Applications Before They Find You!

February 10 @ 11:00 am - 12:00 pm
Feb 11

How to Merge AppSec and DevOps Effectively for the Good of Software

February 11 @ 3:00 pm - 4:00 pm
Feb 17

Finding and Preventing Secrets in Code

February 17 @ 3:00 pm - 4:00 pm
Feb 18

Protecting Sensitive Customer Data in the New Remote Agent Environment

February 18 @ 3:00 pm - 4:00 pm

More Webinars

Download Free eBook

Managing the AppSec Toolstack

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

What Are the 5 Elements of Trustworthy Digital Transformation?
CISO Suite Cybersecurity Data Security Governance, Risk & Compliance Identity & Access Industry Spotlight Security Awareness Security Boulevard (Original) 

What Are the 5 Elements of Trustworthy Digital Transformation?

January 22, 2021 Tom Kellermann | 2 days ago 0
5 Questions to Ask When Adopting a New SaaS Tool
Application Security CISO Suite Cybersecurity Data Security Governance, Risk & Compliance Industry Spotlight Security Boulevard (Original) 

5 Questions to Ask When Adopting a New SaaS Tool

January 22, 2021 Dudi Cohen | 2 days ago 0
3 Cybersecurity Challenges for Remotely Operating Critical Systems
Application Security Cybersecurity Endpoint Identity & Access Industry Spotlight Network Security Security Awareness Security Boulevard (Original) 

3 Cybersecurity Challenges for Remotely Operating Critical Systems

January 21, 2021 Bill Moore | 3 days ago 0

Top Stories

FBI to Investigate Parler, New Russian Host will be Revoked
Analytics & Intelligence Cloud Security Cyberlaw Cybersecurity Endpoint Featured Governance, Risk & Compliance Incident Response Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Uncategorized 

FBI to Investigate Parler, New Russian Host will be Revoked

January 22, 2021 Richi Jennings | 1 day ago 0
Trump Hates Cloud, Because China Cyber?
Analytics & Intelligence Cloud Security Cyberlaw Cybersecurity Featured Governance, Risk & Compliance Identity & Access News Security Boulevard (Original) Spotlight Threat Intelligence 

Trump Hates Cloud, Because China Cyber?

January 21, 2021 Richi Jennings | 2 days ago 0
Capitol Rioters ID’ed With Help From Dating Apps
Cyberlaw Cybersecurity Featured Incident Response Mobile Security News Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence 

Capitol Rioters ID’ed With Help From Dating Apps

January 18, 2021 Richi Jennings | Jan 18 0

Security Humor

via     the  Comic Noggins  of   Nitrozac     and     Snaggy     at     The Joy of Tech®   !

Joy Of Tech® ‘After Trump’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.