When moving to cloud computing, you have to consider the following security issues in order to enhance your data safety.
Session riding attack works based on session cookies and takes advantage of the user's previously authenticated session. Account hijacking or session riding is not new to cloud service providers and users. Hackers manage to gain access to login credentials and can easily track user activities. A similar attack occurs when attackers access cloud drive files without user credentials. This type of attack works by stealing the password token via a phishing attack or drive-by-exploit, a small file that sits on a user's device for convenience (saving the user from entering their password each time). Once attackers gain access, they can access and steal files, and even add malware or ransomware to the victim's cloud folder, which can be used for further attacks.
Cloud-based DDoS attacks are a big threat now that it's very easy to turn thousands of VMs on and off quickly. Attackers do not launch such attacks from one service provider and one location—the intensity of the attack would be very high if machines are spread over multiple locations with each generating traffic towards the victim. Service providers also have detection mechanisms to detect unusual traffic, so the chance of getting caught is very high if a high volume of attacks are launched from one service provider. Another type of attack is a brute force attack. This can be a very powerful attack if launched from cloud, which can test thousands of password per second and can even break SHA-1 hashes.
A Cloud Application Programming Interface (Cloud API) is a type of API, generally based on the Representational State Transfer (REST) that enables the development of applications and services used for the provisioning of cloud hardware, software, and platforms. Cloud networks are typically put at risk by insecure or improper API. We have previously discussed system-specific vulnerabilities like Meltdown and Spectre.