A CSA survey on the top cloud security concerns has identified the following 12 issues:

• Data breaches
• Weak identity, credentials, and access management
• Insecure APIs
• System and application vulnerabilities
• Account hijacking
• Malicious insiders
• Advanced Persistent Threats (APTs)
• Data loss
• Insufficient due diligence
• Abuse and nefarious use of cloud services
• Denial of service
• Shared technology issues

In addition, service abuse has also become a headache for most e-commerce or shopping sites. Let's take one example to understand how hackers or misconduct users can benefit from it.

Assume that one online shopping store is going to have a 50% discount on one new model phone for only the first 100 customers; it will be available at 12:00 on February 1.

For this kind of sale with 50 % profit is a great attraction for malicious users to do something. What underground users typically may do involves the massive registration of user accounts. There can be more than 10,000 users accounts registered in a short period of time just before the sales. At the moment of the sale, they will use automated scripts to trigger purchase behaviors and finish the orders within seconds. Once they have ordered or occupied all the phones, they may either sell them at higher prices or even not pay for the orders.

Is this illegal? These behaviors follow the business rules for registration and purchases. Although the behavior may not be against the law, it may be considered misconduct or service abuse. Therefore, this kind of on-sale activity may require additional business rules and regulations. After all, it's not purely hacking behavior. We will discuss this in later chapters. Here, we provide an overview of alleviating measures, which can be by means of business rules or technical approaches:

• The sale is only limited to those customers with a certain period of purchase history
• Apply CAPTCHA to distinguish humans from machines
• Two-factor authentication and registration via phone SMS
• Detection and correlation of IP, phone number, email, account ID, physical address, and GeoIP location
• Unusual page browsing behavior such as skipping products and jumping to the purchase directly
• Unusual massive logins or registration from the same IP or devices