**4. Vulnerabilities and threats**

Cloud computing being a modern technology offers numerous advantages. In order to harness all these benefits, one has to scrupulously investigate as many cloud security measures as possible. These concerns may vary from vulnerability to malicious code penetration to hijacked accounts to full-scale data breaches. Based on literature searches and analysis efforts, some of the major cloud-unique vulnerabilities and threats were identified which one must consider before making decision to migrate to cloud for opting the services are as follows:


**7**

*Introductory Chapter: Cloud Computing Security Challenges*

**4.2 Denial of service attacks/malware injection**

Cloud computing and services being relatively new and enable accessing remote data via the Internet is the most vulnerable source for misconfiguration or exploitation. This very intrinsic property of cloud becomes unique set of characteristics which make it more vulnerable to all form of data breaches. Data breaches or losses can be any form of cyber security attack in which confidential or sensitive information is stolen, viewed or used by an unauthorized stranger or it may the result out of accidental deletion by service provider or a natural catastrophe, like fire outbreak or earthquake. This may results to the loss of intellectual property (IP) to rivals, impacts the competitive edges, financial losses out of regulatory implications, affecting brand value and goodwill of organization and thus overall market value may be at stake as it foster mistrust from customers and business partners. Though Encryption techniques can protect data but at the cost of system performance. Thus robust and well-tested Data breach avoidance, data loss preventions, data backup and recovery data manage-

ment strategy must be adopted before making up mind to migrate to cloud.

The basic framework of cloud which offers scalability and speed also becomes nurturing ground for delivering super scalable malware. Cloud applications themselves are great weapon for spreading the malicious attacks on a large scale to cause greater harm like hijacking accounts, breaching data. Malware injections are basically code scripts which are embedded into the basic cloud service modules thus run as legitimate instance having access to all the sensitive resources and thus intruder can eavesdrop, compromise the overall integrity of vital information. Denial of Service attack (DoS) makes valuable services unavailable to the legitimate user thus hamper the overall performance and security. DoS may act as catalyst and used as smokescreen to hide the malicious activities bypassing the firewall of cloud and thus can spread easily to cause greater harm instead of infecting one device.

The recent growth and easy adaption of cloud services by organization leads to altogether new set of issues related to hijacking account. Imposter now can easily exploit the ability to gain access to login credentials and thus the sensitive data comprises of business logic, functions, data and applications stored on the remote cloud. Account hijacking which includes scripting bugs, reused password, cross-site scripting enables the intruder to falsify and manipulate information. Man-In-Cloud Attack, Key-logging, Phishing, and buffer overflow are some other similar threats which eventually leads to theft of user token which cloud platform uses to verify each individuals without requiring login credentials typically during data updation or sync. The impact of the account hijacking can be severe, some even leads to significant disruption of business operations by means of complete eliminations of assets and capabilities. Thus account hijacking needs to be dealt seriously as tangible and intangible impact out of leakage of sensitive and personal data may damage the

Volume and scope of the various resources used in cloud environment augmented with complexity and dynamism of resources poses major challenge in configuring effectively for efficient use. Inappropriately configure precious computing

*DOI: http://dx.doi.org/10.5772/intechopen.92544*

**4.1 Data breaches/data loss**

**4.3 Hijacking account**

reputation and band value.

**4.4 Inadequate change control and misconfiguration**

12. Limited cloud usage visibility
