Cyberattacks targeting corporate cloud services have increased significantly in the last few months as cyber criminals look to exploit the rise in remote working to gain access to corporate accounts.
The coronavirus pandemic and resulting social-distancing measures have forced organisations and employees to adapt to working from home with the aid of cloud-based collaboration tools.
- Top cloud providers in 2020: AWS, Microsoft Azure, and Google Cloud, hybrid, SaaS players
- The best email hosting services: G Suite and Microsoft 365 are not your only options
- Best cloud storage services in 2020: Google Drive, OneDrive, Dropbox, and more
- What is cloud computing? Everything you need to know
- Zoom vs. Microsoft Teams: Which video chat app to use? (CNET)
- Zoom: A cheat sheet (TechRepublic)
But the rise in use of these services – which allow users to login and gain access to corporate resources remotely – has also led to a spike in hackers looking to take advantage of their increasing popularity in order to steal login credentials, sensitive information and other data.
A new report by cybersecurity company McAfee reveals that the number of remote attacks targeting cloud services increased by 630 percent between January and April this year. The figures in the Cloud Adoption & Risk Reportare based on data from 30 million McAfee users around the world.
While some corporate login credentials could potentially be bought from underground forums, in many cases, these attempts at hacking cloud accounts will be based around brute-force attacks, with cyber criminals attempting common or simple passwords in an effort to gain access.
The attacks come in two broad categories; the first is excessive usage from an anomalous location, where the login attempts come from a location that hasn’t been previously used and isn’t familiar to the organisation. The nature of the cloud means that attackers can make login attempts from anywhere.
The second category is what researchers call ‘suspicious superhuman’, which involves multiple login attempts in a short amount of time from geographically disparate locations that it’s impossible for an individual to travel between in a short amount of time.
For example, a user could be seen to login to one app from Asia, but then sign into another a few minutes later from a location in North America.
However, because of the spike in the use of cloud services, it might not always be immediately obvious to security teams that something suspicious has happened, especially if they’re responsible for monitoring thousands of accounts at a large organisation.
“While we are seeing a tremendous amount of courage and global goodwill to overcome the COVID-19 pandemic, we also are unfortunately seeing an increase in bad actors looking to exploit the sudden uptick in cloud adoption created by an increase in working from home,” said Rajiv Gupta, senior vice president for cloud security at McAfee.
“The risk of threat actors targeting the cloud far outweighs the risk brought on by changes in employee behaviour,” he added.
While the rise in remote working and attackers looking to exploit it does create potential security problems, organisations can manage the risk relatively simply. One way of achieving this is via the use of multi-factor authentication, so if an attacker does successfully enter the right login credentials, there’s an additional barrier stopping them from gaining access to an account.
MORE ON CYBERSECURITY
- Jump in vulnerable RDP ports is leaving networks open to hacking and cyberattacks
- Working from home makes you vulnerable to hackers. Here’s how to stay safe CNET
- Cybersecurity staff are being transferred to IT support. That’s adding to the risk of data breaches
- Coronavirus: Critical IT policies and tools every business needs TechRepublic
- Remote working: Security tips for working from home