Cloud As An Attack Platform

This is a whitepaper that presents an exploratory study of responses from 75 security professionals and ethical hackers in order to understand how they abuse cloud platforms for attack purposes. The participants were recruited at the Black Hat and DEF CON conferences. The researchers presented the participants with various attack scenarios and asked them to explain the steps they would have carried out for launching the attack in each scenario. Participants' responses were studied to understand attackers' mental models, which would improve their understanding of necessary security controls and recommendations regarding precautionary actions to circumvent the exploitation of clouds for malicious activities. They observed that in 93.78% of the responses, participants are abusing cloud services to establish their attack environment and launch attacks.