Cyber Threats in AWS: A Holistic Approach to Protecting Your Cloud Infrastructure
Presented by Nikki Dwivedi
Service name: (1) AWS EC2
Attacks [Description and Source]:
1. Credentials Stuffing
[SSH port open to the world leading to password brute-forcing]
Managing servers in the cloud, such as AWS EC2 instances, often involves using
Secure Shell (SSH) for remote administration. While SSH keys are
recommended for their security benefits, many users still create multiple user
accounts with passwords. Leaving the default SSH port open to the internet
attracts automated attackers who attempt to brute-force login credentials,
exploiting password reuse (known as credentials stuffing).
Traditional defenses involve network monitoring, but this can be impractical for
cloud environments.
‘https://kloudle.com/blog/4-most-common-misconfigurations-in-aws-ec2-instances/’
2. SSRF (Server-Side Request Forgery)
SSRF occurs when an attacker manipulates a web application to make
unintended requests to internal resources or to external systems that the
application has access to. If an EC2 instance is vulnerable to SSRF, an attacker
could potentially manipulate the instance to make requests to internal AWS
metadata endpoints or other AWS services, leading to unauthorized access or
information disclosure. Proper input validation and access controls are crucial to
mitigate SSRF vulnerabilities.
‘https://kloudle.com/blog/4-most-common-misconfigurations-in-aws-ec2-instances/’
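The input validation mentioned above can be sketched as a check that runs before the application fetches a user-supplied URL. This is an added example, not code from the presentation or the cited article; the function names and the sample DNS table are hypothetical, and 169.254.169.254 is the link-local address of the EC2 instance metadata service.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

def resolve_all(host):
    """Return every address the system resolver gives for host."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_safe_url(url, resolver=resolve_all):
    """True only if url is http(s) and every resolved address is public."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    try:
        addresses = resolver(parts.hostname)
    except OSError:
        return False  # unresolvable host: fail closed
    if not addresses:
        return False
    for addr in addresses:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its IPv4 address
        # is_global is False for loopback, private (RFC 1918) and
        # link-local ranges, which include the metadata endpoint.
        if not ip.is_global:
            return False
    return True

# Constructed sample data so the example runs offline (not real lookups).
SAMPLE_DNS = {
    "example.com": {"93.184.216.34"},
    "internal.test": {"10.0.0.5"},
    "mixed.test": {"93.184.216.34", "169.254.169.254"},
    "169.254.169.254": {"169.254.169.254"},
}

def sample_resolver(host):
    """Hypothetical resolver backed by SAMPLE_DNS; unknown hosts fail."""
    try:
        return SAMPLE_DNS[host]
    except KeyError:
        raise OSError("unknown host") from None

if __name__ == "__main__":
    for u in ("https://example.com/a.png", "http://169.254.169.254/"):
        print(u, is_safe_url(u, sample_resolver))
```

The fetch that follows should connect to the address that was validated rather than resolving the name again, because the DNS answer can change between the check and the request.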
3. Running Old, Unpatched Versions
Modern applications are built on complex code bases that, like any system, can