This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Unit 2 of Cloud
Cloud Threats and Attack Vectors
Cloud-specific attack surfaces and threat landscape: service hijacking, session hijacking, DoS and DDoS attacks, man-in-the-cloud attacks, cloud-specific vulnerabilities, and privacy issues in cloud-based IT services.
Learning outcomes
- Identify and classify cloud computing threats and distinguish them from traditional on-premise threats
- Explain the mechanics of service hijacking, session hijacking, and man-in-the-cloud attacks
- Analyse DoS and DDoS attack vectors targeting cloud infrastructure
- Assess privacy risks and vulnerabilities specific to cloud-based IT service delivery
Topics
Cloud Threat Landscape & Session Hijacking
CSA Top 10 cloud threats, the SSRF-to-IMDS credential theft chain, and IMDSv1 vs IMDSv2.
Service Hijacking, DoS & Economic Denial of Sustainability
Credential exposure channels, EDoS attacks exploiting cloud elasticity, and mitigation controls.
Man-in-the-Cloud Attacks & Privacy in the Cloud
Sync token hijacking, data residency jurisdiction, DPDP Act 2023, and multi-tenancy isolation challenges.
Threat Modelling with STRIDE & MITRE ATT&CK for Cloud
STRIDE threat classification, applying STRIDE to a cloud workload, and the MITRE ATT&CK for Cloud matrix.
Chapter 2 MCQ Self-Assessment
20 multiple-choice questions on cloud threats, attacks and privacy.
Insider Threats & Misconfigured Cloud Storage
The anatomy of S3 bucket misconfiguration, multi-layer access control, real breach case studies, and technical controls for insider threat detection and prevention.
APT Techniques & Lateral Movement in Cloud
How APT groups exploit cloud-native services for initial access, privilege escalation, lateral movement across accounts, and data exfiltration.
Cloud Supply Chain Security & Third-Party Risk
Risks in container image supply chains, dependency confusion, CI/CD pipeline compromise, and third-party SaaS integration.
Cloud Threat Intelligence & Indicators of Compromise
Cloud-specific IOC categories, threat intelligence sources, GuardDuty finding types, integration workflows, and CERT-In advisory consumption.