Before getting into the details on how ‘Doxing’ could pose a threat to cloud security, let’s first understand the term in a technical way. Well, it is the term which gained momentum from situations where hackers gain personal details of targets and used that data to embarrass them on a further note.
Often cyber crooks are seen screening email & social media accounts of celebrities to access and then later publicly post their memorabilia such as N%$E photographs of celebrities on public platforms- either to gain financially or to further embarrass the victim.
Now, coming to the detail on how the term ‘Doxing’ can apply to cloud environments, here’s a gist on it. Attackers usually gather details about a company and its employees from social media accounts or from the websites where their details are dispersed. This publicly available info can then give them a chance to collect details on human security flaws causing significant damage to the reputation of the company.
In today’s world, Cloud providers give a lot of customizable options for developers to write or run applications to be hosted on cloud platforms. As developers have the concern to complete the projects on time, their show laxity towards security practices which often lead hackers to exploit those flaws from the security viewpoint.
Getting details of developers is not a tough job these days as many tech-related discussion platforms can pave way for criminals to send spear phishing emails to attackers.
So, security teams which are testing the cloud platforms with pen tests should also consider the attacker’s reconnaissance abilities while testing their programs. This helps in remediating human security errors like outlining strict norms for employees on what to post and what not to on public platforms.