Exam 312-50v12 topic 1 question 75 discussion

C. Cloud hopper attack like 312-50v11 Q141 CEH book V12 Module19 P3155 Cloud hopper attacks are triggered at managed service providers (MSPs) and their customers. Once the attack is successfully implemented, attackers can gain remote access to the intellectual property and critical information of the target MSP and its global users/customers. ... Attackers initiate spear-phishing emails with custom-made malware to compromise user accounts of staff members or cloud service firms to obtain confidential information. ... Attackers breach the security mechanisms impersonating a valid service provider and gain complete access to corporate data of the enterprise and connected customers. .. The attacker then extracts the information from the MSP and uses that information to launch further attacks on the target organization and users.

C. Cloud hopper attack ----------------------------------------- A. Cloud cryptojacking: Unauthorized mining of cryptocurrencies using cloud resources. B. Man-in-the-cloud (MITC) attack: Unauthorized access and manipulation of cloud storage. C. Cloud hopper attack: Targeting cloud service providers to access multiple client networks. D. Cloudborne attack: Exploiting cloud infrastructure vulnerabilities to compromise data or resources.

In the scenario you described, Alice performed a Man-in-the-cloud (MITC) attack. This type of attack involves compromising cloud services by gaining unauthorized access to user accounts and manipulating data stored in the cloud. Alice’s actions of infiltrating the MSP provider, compromising user accounts, and using the cloud service to access and manipulate customer data align with the characteristics of a MITC attack. Cloud cryptojacking, on the other hand, involves using cloud resources to mine cryptocurrency without the owner’s consent, which is not what Alice did in this scenario.

It's C because B would require some data interception...and that is not mentioned

C. Cloud hopper attack

C. Cloud hopper attack

The correct option is C. Cloud hopper attack

C. Cloud hopper attack Book v12 Module 19 Page 1992 "Cloud hopper attacks are triggered at managed service providers (MSPs) and their customers. Once the attack is successfully implemented, attackers can gain remote access to the intellectual property and critical information of the target MSP and its global users/customers. Attackers also move laterally in the network from one system to another in the cloud environment to gain further access to sensitive data pertaining to the industrial entities, such as manufacturing, government bodies, healthcare, and finance"

B. Man-in-the-cloud (MITC) attack Explanation: Alice performed a Man-in-the-cloud (MITC) attack on the target organization's cloud services. A MITC attack is a type of attack in which the attacker gains access to a user's cloud storage account and modifies or deletes data without the user's knowledge. In this case, Alice infiltrated the target's MSP provider by sending spear-phishing emails and distributing custom-made malware to compromise user accounts and gain remote access to the cloud service. She then accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. This allowed her to launch further attacks on the target organization.