I have multiple Hetzner cloud servers (Ubuntu 18.04) and I have encrypted the home directory with +128-bit encryption using cryptsetup/LUKS. The servers may only be accessed with SSH or WireGuard. The SSH port is non-standard, we also use fail2ban, and password login is disabled. The servers don't have any open ports in addition to the mentioned SSH and WireGuard. These ports are also open only to a select few IP addresses.
As the home directory is encrypted on the fly, should the server be stolen or the disks taken, our data is safe. Also, as the server is only accessible via SSH/WireGuard, I am not overly worried about unauthorized logins.
What attack vectors are there that I should be worried about? I suppose that cloud server providers have the means to study a running server instance's memory and extract encryption keys. Also, some side-channel attack may be possible. Any other possibilities? Are there practical attacks that could penetrate iptables? I am not worried about DDoS, only the security of our data. I know that state-level agencies have their ways and could attack our servers, for example, via our desktops. But I am mainly interested in what the cloud operator's possibilities are to access our data, and also, are there viable remote attacks?