Cloud Computing v.s. Cyber Security

11 June 2015

Cloud Computing v.s. Cyber Security

Bahtiyar BİRCAN

TOBB-ETU

bahtiyarb@gmail.com

Agenda

Cloud Computing Definition

Cloud Properties and Benefits

Cloud Computing for Cyber Defense

Cloud Computing for Cyber Offense

Case Study: Cloud Based Cyber Attack

Cloud Computing

Cloud Computing Definition

“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

NIST

Cloud computing refers to the on-demand provision of computational resources (data, software) via a computer network, rather than from a local computer.

Wikipedia

Cloud Characteristics

• On-demand self-service
• Dynamic Resource Allocation
• Device / Location Independence
• Distributed architecture
• Scalable and Elastic
• High Computing Power
• High Bandwidth
• High Storage Capacity

Cloud Computing Benefits

Cloud Models

Cloud for Cyber Defense

Cloud Usage for Cyber Defense

• DDoS Protection
• Web Application Attack Prevention
• Backup and Disaster Recovery
• Vulnerability Scan
• Penetration Testing & Security Audit
• Log Management / SIEM
• Forensics as a Service

DDoS Protection

Cloud Based DDoS Protection Services

• CloudFlare, Incapsula

Web Application Attack Prevention

Vulnerability Scanning

Penetration Testing & Security Audit

Forensics as a Service

Cloud for Cyber Offense

Cloud for Cyber Offense

Hacking as a Service

• Cloud properties for criminals
  – Scalability
  – Quick Deployment
  – Dynamic resource usage
  – High computing power
  – High bandwidth
• Cyber criminals adapted their tools and techniques for cloud computing
• Unfortunately they are better at using cloud platforms

Cloud for Cyber Offense

Cloud Usage in Cyber Offense

• DDoS as a Service

• Botnet as a Service

• Malware as a Service

• Password Cracking

• BotClouds

• C&C Servers

• Warez as a Service

DDoS as a Service

Source: McAfee

Botnet as a Service

Source: McAfee

Malware as a Service

Source: Solutionary

Password Cracking as a Service

Password Cracking Experiment

• Length: 1-6 characters

• Algorithm: SHA1

• Method: Brute Force

• Hardware:

– Amazon cg1.4xlarge

– 22 GB memory

– 2 x Intel Xeon X5570, quad-core

– 2 x NVIDIA Tesla M2050 GPUs

– 1690 GB of instance storage

• Crack time: 49 min

• Price: 2100 $

Password Cracking as a Service

Command & Control Servers

Case Study: Cloud Based Cyber Attack

• How easy is it to build cyber attack infrastructure in the cloud?
• Can we build it at no cost?
• Can we build it anonymously?

Attack Scenario

• Get anonymous e-mail account
• Register to cloud provider
• Get free trial of cloud Linux image
• Install attack software on VM
• Register free DNS domain
• Start attack
• Large scale attack

Attack Step 1: Get Anonymous E-mail

• Known e-mail providers:
  – Gmail
  – Yahoo
  – Yandex
  – Mail.ru
• One-time mail providers
  – Mailinator

Attack Step 2: Register to Cloud Provider

• Lots of cloud providers give free trial accounts
  – 1 week – 1 year trial
  – Amazon
  – Rackspace
  – Siemens CloudServices
  – …

Attack Step 3: Get a Trial of Linux VM Image

Attack Step 4: Install Attack Software on VM

Attack Step 5: Register Free DNS Domain

Attack Step 6: Launch an Attack

Possible Attacks

• Denial of Service

• Port Scanning

• Vulnerability Scan

• Exploitation

• Phishing Site

• Malware Server

• Password Cracking

Attack Step 7: Large Scale Attacks

Creating 20 Cloud Bots

• Script for creating 20 cloud bot servers

Attack Step 7: Large Scale Attacks

Creating 1000 Cloud Bots

• Script for creating 1000 cloud bot servers

Thanks

Bahtiyar BİRCAN

TOBB-ETU

bahtiyarb@gmail.com
