You’ve heard about “drive-by download” attacks where you can get whacked by just visiting a web page. But what about “cloud drive-by” attacks?
Cloud drive by’s are a lot like when you imagine when you think about an actual, on the street, drive-by attack. In these gangland type attacks, the perpetrators drive by a location and essentialy spray an area with bullets in the hope of achieving a general or specific goal. In a similar manner, cloud drive-by attackers do the same thing, with what you might consider something akin to a “spray and pray” approach to compromising cloud-based assets.
In a blog post by Craig Nelson at Microsoft, he describes what the Microsoft Security Response Center (MSRC) encounters “in the wild” and provides some suggestions on what you can do *now* to help protect your cloud-based assets from cloud drive-by’s.
This article is a definite keeper!
Best Practices to protect your Azure deployment against “cloud drive-by” attacks