Sunday, June 4, 2023

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About Us
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Hot Topics
  • BSidesSF 2023 - Sanchay Jaipuriyar - Overwatch: A Serverless Approach To Orchestrating Your Security Automation
  • Why is Identity Security Awareness Becoming the Need of the Hour?
  • Fuzz Testing and Medical Devices
  • MOVEit Transfer Software: Critical Zero-day Being Actively Exploited
  • How to Stay Ahead of Future Requirements for the NIST SSDF
Cloud Security Malware Security Bloggers Network 

Home » Cybersecurity » Cloud Security » Malware in the Cloud: What You Need to Know

SBN

Malware in the Cloud: What You Need to Know

by Tripwire Guest Authors on September 25, 2018

Cloud security is not as simple as it may seem. Businesses have a shared security responsibility with cloud service providers, but some lack the knowledge to keep up their share of the bargain. Poor configuration and data leaks are common problems that many businesses encounter in the cloud. These issues can lead to malware infecting your cloud computing environment.

Here are a few of the different types of malware that can disrupt your cloud services.

DDoS Attacks

Botnets are becoming more and more common, with malware-as-a-service being offered by more malicious actors at an increasingly cheap price. Self-service cloud offerings allow these attackers to easily gain access and notoriety by launching large-scale DDoS attacks, which have been measured at speeds of up to 30 Gbps. Since cloud computing hosts multiple customers in a single cloud, these attacks can affect your cloud environment, as well.

Hypercall Attacks

An attacker uses a Virtual Machine (VM) to intrude the victim’s VM by exploiting the Virtual Machine Manager (VMM) hypercall handler. This gives the attacker the ability to access VMM privileges and possibly even execute malicious code.

Hypervisor DoS

This attack uses a high percentage of your hypervisor’s resources in order to leverage flaws in design or setup. Researchers found that this malware accounted for 70 percent of malware attacks targeting cloud providers’ hypervisor, which manages customers’ virtual environments. One study found that 71.2 percent of all Xen and 65.8 percent of all KVM vulnerabilities could be exploited by a guest VM. For the sake of context, AWS uses Xen for its hypervisor, and Google uses a proprietary version of KVM.

Co-Location

An attacker tries to find the target VM’s host in order to place their own VM on the same host. This is used to gain leverage in cross-VM side-channel attacks, such (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/cloud/malware-cloud/

September 25, 2018September 25, 2018 Tripwire Guest Authors Cloud, Malware, security
  • ← Death, Taxes and Compliance Updates – An Update to NIST 800-171
  • Life (Insurance) and Privacy →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Sun 04

Simplify, Secure, Strengthen: Implementing Zero-Trust Across Your Endpoints

May 17 @ 1:00 pm - July 12 @ 2:00 pm
Thu 08

ActiveState Workshop: Building Secure and Reproducible Open Source Runtimes

June 8 @ 1:00 pm - 2:00 pm
Tue 13

Uncovering the Hidden Cybersecurity Threat in Your Organization

June 13 @ 1:00 pm - 2:00 pm
Wed 14

Enrich Security Investigations With ServiceNow Asset Data in Snowflake

June 14 @ 3:00 pm - July 24 @ 4:00 pm
Thu 15

Securing Containers & Kubernetes With AWS And Calico

June 15 @ 3:00 pm - 4:30 pm
Thu 22

Strange Bedfellows: Software, Security and the Law

June 22 @ 11:00 am - 12:00 pm
Thu 22

Sneak Peek: Cloud Security Prioritized With Sonrai

June 22 @ 1:00 pm - 2:00 pm
Thu 22

Unleash the Potential of Your Log and Event Data, Including AI’s Growing Impact

June 22 @ 3:00 pm - 4:00 pm
Jul 24

Identity and Access Management

July 24 @ 1:00 pm - 2:00 pm
Feb 12

Ransomware

February 12, 2024 @ 1:00 pm - 2:00 pm

More Webinars

Subscribe to our Newsletters

TSTV Podcast

Most Read on the Boulevard

Understanding the Progression of a Ransomware Attack
‘Predator’ — Nasty Android Spyware Revealed
Failure to Pay Ransom: Negligence?
Making a Case for Single-Vendor SASE
Legacy AppSec Tools Getting Lost in the Cloud
Malicious extensions: Avast detects new threats on the Chrome Web Store
Why Attackers Target the Gaming Industry
Do you Know how to Protect Against Ransomware in 2023?
Discord Admins Hacked by Malicious Bookmarks
Why Cloud Did Not Kill the Data Center

Download Free eBook

7 Must-Read eBooks for Security Professionals

Industry Spotlight

Dark Web Threats Target Energy Industry as Cybercrime Tactics Shift
Analytics & Intelligence Cybersecurity Governance, Risk & Compliance Industry Spotlight IoT & ICS Security Malware Security Boulevard (Original) Threat Intelligence 

Dark Web Threats Target Energy Industry as Cybercrime Tactics Shift

June 2, 2023 Nathan Eddy | 1 day ago 0
‘Predator’ — Nasty Android Spyware Revealed
Analytics & Intelligence API Security Cyberlaw Cybersecurity Data Security Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Incident Response Industry Spotlight Malware Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Security Operations Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

‘Predator’ — Nasty Android Spyware Revealed

May 30, 2023 Richi Jennings | 4 days ago 0
Dell Launches Project Fort Zero Service to Accelerate Zero-Trust IT Shift
Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response Industry Spotlight News Security Boulevard (Original) Spotlight 

Dell Launches Project Fort Zero Service to Accelerate Zero-Trust IT Shift

May 23, 2023 Michael Vizard | May 23 0

Top Stories

Russia Says NSA Hacked iOS With Apple’s Help — we Triangulate Kaspersky’s Research
Analytics & Intelligence API Security Application Security Cloud Security Cloud Security Cyberlaw Cybersecurity Data Security Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Incident Response Malware Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Security Operations Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities Zero-Trust 

Russia Says NSA Hacked iOS With Apple’s Help — we Triangulate Kaspersky’s Research

June 2, 2023 Richi Jennings | 1 day ago 0
COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT
Analytics & Intelligence API Security Cloud Security Cyberlaw Cybersecurity Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response IOT IoT & ICS Security Malware Most Read This Week Network Security News Popular Post Security Boulevard (Original) Security Operations Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT

May 26, 2023 Richi Jennings | May 26 0
Federal Appellate Court Approves ‘Pretext’ Border Search
Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access News Security Boulevard (Original) 

Federal Appellate Court Approves ‘Pretext’ Border Search

May 26, 2023 Mark Rasch | May 26 0

Security Humor

Eugene Kaspersky—is he a useful idiot?

Russia Says NSA Hacked iOS With Apple’s Help — we Triangulate Kaspersky’s Research

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.