**4.3 Hijacking account**

The recent growth and easy adaption of cloud services by organization leads to altogether new set of issues related to hijacking account. Imposter now can easily exploit the ability to gain access to login credentials and thus the sensitive data comprises of business logic, functions, data and applications stored on the remote cloud. Account hijacking which includes scripting bugs, reused password, cross-site scripting enables the intruder to falsify and manipulate information. Man-In-Cloud Attack, Key-logging, Phishing, and buffer overflow are some other similar threats which eventually leads to theft of user token which cloud platform uses to verify each individuals without requiring login credentials typically during data updation or sync. The impact of the account hijacking can be severe, some even leads to significant disruption of business operations by means of complete eliminations of assets and capabilities. Thus account hijacking needs to be dealt seriously as tangible and intangible impact out of leakage of sensitive and personal data may damage the reputation and band value.

### **4.4 Inadequate change control and misconfiguration**

Volume and scope of the various resources used in cloud environment augmented with complexity and dynamism of resources poses major challenge in configuring effectively for efficient use. Inappropriately configure precious computing resources, results in making these resources soft target for vulnerable malicious undesired activities and thus entire cloud repositories may exposed to intruders. The overall business impact depends on the nature of the misconfiguration, and how quickly it has been detected and resolved. Excessive undesirable permission, unrestricted access to ports and services, unsecured data storage, unchanged default credentials & configuration settings, disabling standard security controls, logging & monitoring are some typical issues related with misconfiguration which must be dealt with utmost care by continuously scanning for misconfigured resources in real time as traditional change control and configuration management technique becomes ineffective in cloud environment.
