Thursday, 9 June 2022

Don't let your cloud cybersecurity choices leave the door open for hackers

Cloud software and applications allow staff to work from anywhere. But if your cloud security is poor, cyber criminals can also get in.

Cloud applications and services provide access to business tools, information and software from anywhere, allowing employees to be productive whether they are working in the office, remotely or a combination of the two. Location doesn't matter; everything they need is just in 'the cloud'.

But it isn't only employees and businesses who have benefited from the use of cloud computing and the shift towards remote working – it's proving useful for cyber criminals and malicious hackers too, giving them a new set of opportunities to steal sensitive data such as credit card information, passwords, secret intellectual property and more from unwary cloud users. 

Malicious hackers have found ways to break into networks to gain access to this information, often via phishing attacks or by secretly planting trojan malware – and these were, and remain, common techniques used by cyber criminals to access corporate networks. Cloud computing can provide new targets for these old attacks.

According to research, more than half of companies are enabling poor password security for cloud accounts, allowing weak passwords consisting of under 14 characters, while 44% of cloud accounts allow the user to reuse a password that's linked to another account. 

Weak passwords on cloud accounts are an inviting prospect for attackers, who look for applications with internet-facing login portals and then use automated brute-force attacks to cycle through lists of simple and commonly used passwords in an effort to breach accounts. Weak passwords make it easier for these techniques to work. 

There's also the prospect of cyber criminals getting hold of leaked passwords for users' other accounts, such as their personal email address, online shopping or streaming service, and trying their luck with those against corporate cloud accounts. As it's still common for people to reuse passwords, this tactic could also provide cyber criminals with a means of accessing cloud application suites and other enterprise services.

And because the cyber criminals are using legitimate usernames and passwords to access legitimate accounts used by people who are likely to be working remotely in some capacity, access to the services is unlikely to be questioned as suspicious.

For example, criminals could use access to a legitimate account to take control of the user's emails and send malicious links to their contacts, which are designed to steal sensitive information, or plant malware or even ransomware. The target may not question the link because it comes from someone they know and trust. 

But they might not even need to trick a middle-party to launch a cyberattack; research suggests that as many as 99% of cloud users, services and resources provide excessive permissions. In the vast majority of cases, these permissions, like admin rights, are never required, especially for standard users.  

But if cloud services are misconfigured and admin rights are available where they shouldn't be, hackers can use a simple password as a stepping stone to modify, create or delete cloud environment resources, as well as using them to move around networks to help expand the scope of attacks. And if they hide any accounts they create, the affected organisation will be none the wiser. 

This isn't some theoretical scenario: cyber criminals are actively abusing cloud services to infect networks with trojan malware, including Nanocore, Netwire, and AsyncRAT.

Meanwhile, ransomware campaigns have also been known to exploit exposed or improperly secured cloud services to gain initial access into networks before encrypting as much data as possible and then demanding a multi-million dollar ransom in exchange for the decryption key.  

And it isn't just common cyber criminals who've taken advantage of the rise of remote working and the increase in use of cloud applications: state-backed hacking and cyber-espionage groups are also exploiting vulnerabilities in cloud as a launchpad for campaigns.

Closing the door

But it doesn't have to be this way, and there are several steps that businesses can take to boost the cybersecurity of their cloud applications and software.

One of the key aspects of cloud applications that cyber criminals abuse is weak passwords, so IT departments should do their best to ensure that employees are using strong passwords that can't easily be guessed and that, ideally, aren't used elsewhere. This approach makes it much harder for cyber criminals to breach accounts with brute-force attacks. 

Yet having a strong password won't stop attacks alone, which is why this strategy should be combined with multi-factor authentication (MFA) on all cloud-associated accounts. MFA provides an additional barrier to attacks that requires app-based, SMS-based or hardware-key verification from the user to ensure the attempted login is valid.  

With multi-factor authentication, even if the attacker has the correct password, they can be stopped from getting in – and receiving an alert about an unexpected login attempt should act as a catalyst for the user to change their password. 

It's also important for IT departments to remember that, like other software, cloud applications and services receive security updates and patches; when these are issued, it's vital to install them as soon as possible because this can prevent cyber criminals from exploiting known vulnerabilities to access cloud services.

And it's imperative for information security teams to have a good grasp of what consists of a regular usage pattern for their users. If an employee's cloud account is accessed from an unusual location or at a strange time outside their usual working hours, it could be an indication that their account is being accessed by an intruder and that action needs to be taken.

Cloud services can provide significant benefits for both businesses and their employees, but it's vital that the right choices are made to ensure on-demand IT is used in a productive and secure way.

Courtesy: ZDNet



No comments:

Post a Comment

Amazon Macie: Identifying Sensitive Information in S3 Objects

Amazon Macie: An Overview Amazon Macie is an AWS service designed to help detect sensitive information, such as Personally Identifiable Info...