A company is concerned that its cloud VM is vulnerable to a cyberattack and proprietary data may be stolen.
A penetration tester determines a vulnerability does exist and exploits the vulnerability by adding a fake VM instance to the IaaS component of the client's VM.
Which of the following cloud attacks did the penetration tester MOST likely implement?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
The penetration tester in this scenario added a fake VM instance to the Infrastructure-as-a-Service (IaaS) component of the client's VM after exploiting a vulnerability. This attack is known as a VM escape or VM hopping attack.
Based on the given options, the most likely attack that the penetration tester implemented is C. Malware injection.
Malware injection is a technique used to inject malicious software into a system or application to perform various malicious activities such as stealing data, gaining unauthorized access, or disrupting services. In this case, the penetration tester may have injected malware into the client's cloud VM to gain access to sensitive data.
Option A, Direct-to-origin, refers to attacks that target the origin server directly to gain unauthorized access or steal data. This is not applicable to the scenario given.
Option B, Cross-site scripting (XSS), is a type of attack that allows an attacker to inject malicious code into a web page viewed by other users. This is also not applicable to the scenario given as it is not related to cloud VMs.
Option D, Credential harvesting, refers to the practice of obtaining usernames and passwords or other credentials from unsuspecting victims. While credential harvesting is a common technique used in cyberattacks, it is not applicable to this scenario as there is no mention of credentials being obtained.
In conclusion, the most likely cloud attack that the penetration tester implemented is C. Malware injection.