Adversaries Exploiting Hierarchical Structures in IaaS: A Strategic Risk for CISO’s
Adversaries target hierarchical structures to bypass traditional security measures and establish persistent access. Common tactics include:
Privilege Escalation via Misconfigured Roles
Attackers exploit misconfigured roles to escalate privileges. For instance, a user role intended for basic operations might inadvertently have permissions to modify sensitive configurations.
Manipulation of Resource Dependencies
By tampering with resource dependencies, adversaries can redirect network traffic, inject malicious code, or disrupt critical services.
Creation of Stealthy Backdoors
Sophisticated attackers may create hidden backdoors within less-monitored projects or folders, enabling long-term access without detection.
Exploitation of Orphaned Resources
Orphaned resources—those left behind after an entity is deleted—can be exploited for unauthorised access or data exfiltration.