312-50V11 · Question #974
Thomas, a cloud security professional, is performing security assessment on cloud services to identify any loopholes. He detects a vulnerability in a bare-metal cloud server that can enable hackers to
The correct answer is C. Cloudborne attack. A Cloudborne attack exploits firmware vulnerabilities in bare-metal cloud servers to implant persistent backdoors that survive server wiping and reallocation, compromising subsequent IaaS tenants using the same hardware.
Question
Options
- AMan-in-the-cloud (MITC) attack
- BCloud cryptojacking
- CCloudborne attack
- DMetadata spoofing attack
How the community answered
(32 responses)- A9% (3)
- B3% (1)
- C84% (27)
- D3% (1)
Why each option
A Cloudborne attack exploits firmware vulnerabilities in bare-metal cloud servers to implant persistent backdoors that survive server wiping and reallocation, compromising subsequent IaaS tenants using the same hardware.
Man-in-the-cloud (MITC) attacks abuse legitimate cloud synchronization token mechanisms such as those used by OneDrive or Dropbox to intercept data and maintain persistence, and are unrelated to bare-metal firmware backdoors.
Cloud cryptojacking involves unauthorized hijacking of a victim's cloud compute resources to mine cryptocurrency, not implanting firmware-level backdoors that persist through hardware reallocation.
The Cloudborne attack targets the baseboard management controller (BMC) or firmware layer of bare-metal cloud servers, where attackers can embed malicious backdoors that are not erased during standard server re-provisioning processes. Because firmware persists across operating system reinstalls and disk wipes, a new IaaS customer receiving the same physical hardware unknowingly inherits the compromised firmware. This hardware-level persistence across tenant boundaries is the defining characteristic of the Cloudborne attack vector.
Metadata spoofing attacks exploit cloud instance metadata endpoints such as AWS IMDSv1 to steal IAM credentials or tokens, not to implant persistent backdoors in bare-metal server firmware.
Concept tested: Cloudborne attack exploiting bare-metal cloud firmware
Source: https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/what-is-cloud-attack/
Topics
Community Discussion
No community discussion yet for this question.