312-50v12 Exam QuestionsBrowse all questions from this exam
Go to Exam

312-50v12 Exam - Question 75

Alice, a professional hacker, targeted an organization’s cloud services. She infiltrated the target’s MSP provider by sending spear-phishing emails and distributed custom-made malware to compromise user accounts and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attacks on the target organization.

Which of the following cloud attacks did Alice perform in the above scenario?

Show Answer
Correct Answer: C

Alice performed a cloud hopper attack. This type of attack targets cloud service providers (such as managed service providers - MSPs) to gain access to their client networks. The attacker infiltrates the service provider through methods like spear-phishing and distributes malware to compromise user accounts. Once inside, the attacker can access and extract sensitive data, which can be used to launch further attacks on the target organization and its customers. This scenario fits the characteristics of a cloud hopper attack.

Discussion

9 comments
Sign in to comment
jeremy13Option: C
Apr 12, 2023

C. Cloud hopper attack like 312-50v11 Q141 CEH book V12 Module19 P3155 Cloud hopper attacks are triggered at managed service providers (MSPs) and their customers. Once the attack is successfully implemented, attackers can gain remote access to the intellectual property and critical information of the target MSP and its global users/customers. ... Attackers initiate spear-phishing emails with custom-made malware to compromise user accounts of staff members or cloud service firms to obtain confidential information. ... Attackers breach the security mechanisms impersonating a valid service provider and gain complete access to corporate data of the enterprise and connected customers. .. The attacker then extracts the information from the MSP and uses that information to launch further attacks on the target organization and users.

sausagemanOption: C
Apr 17, 2023

C. Cloud hopper attack Book v12 Module 19 Page 1992 "Cloud hopper attacks are triggered at managed service providers (MSPs) and their customers. Once the attack is successfully implemented, attackers can gain remote access to the intellectual property and critical information of the target MSP and its global users/customers. Attackers also move laterally in the network from one system to another in the cloud environment to gain further access to sensitive data pertaining to the industrial entities, such as manufacturing, government bodies, healthcare, and finance"

Vincent_LuOption: C
Jun 17, 2023

C. Cloud hopper attack ----------------------------------------- A. Cloud cryptojacking: Unauthorized mining of cryptocurrencies using cloud resources. B. Man-in-the-cloud (MITC) attack: Unauthorized access and manipulation of cloud storage. C. Cloud hopper attack: Targeting cloud service providers to access multiple client networks. D. Cloudborne attack: Exploiting cloud infrastructure vulnerabilities to compromise data or resources.

victorfsOption: C
May 14, 2023

The correct option is C. Cloud hopper attack

581777aOption: C
Aug 4, 2023

C. Cloud hopper attack

eli117Option: B
Apr 4, 2023

B. Man-in-the-cloud (MITC) attack Explanation: Alice performed a Man-in-the-cloud (MITC) attack on the target organization's cloud services. A MITC attack is a type of attack in which the attacker gains access to a user's cloud storage account and modifies or deletes data without the user's knowledge. In this case, Alice infiltrated the target's MSP provider by sending spear-phishing emails and distributing custom-made malware to compromise user accounts and gain remote access to the cloud service. She then accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. This allowed her to launch further attacks on the target organization.

insaniuntOption: C
Dec 26, 2023

C. Cloud hopper attack

LordXanderOption: C
Mar 23, 2024

It's C because B would require some data interception...and that is not mentioned

remreyOption: B
Jul 18, 2024

In the scenario you described, Alice performed a Man-in-the-cloud (MITC) attack. This type of attack involves compromising cloud services by gaining unauthorized access to user accounts and manipulating data stored in the cloud. Alice’s actions of infiltrating the MSP provider, compromising user accounts, and using the cloud service to access and manipulate customer data align with the characteristics of a MITC attack. Cloud cryptojacking, on the other hand, involves using cloud resources to mine cryptocurrency without the owner’s consent, which is not what Alice did in this scenario.