Hackers Set Their Sights On Cloud Services
Thanks to the pandemic, tens of millions of people are working from home.
Even before then, the Cloud was experiencing a tremendous amount of growth, but since shelter in place orders were issued by many governments around the world, growth has absolutely skyrocketed.
This has drawn the attention of a number of hacking groups, which have taken an increased interest in gaining access to Cloud resources, stealing login credentials and then making off with a wide range of sensitive data.
According to statistics gathered by McAfee, the number of attacks aimed squarely at Cloud services have increased by a whopping 630 percent between January and April of this year.
Broadly speaking, the attacks come in two basic flavors:
First, logins from anomalous locations that haven’t previously been used and is not familiar to the organization.
Second, what researchers are calling ‘suspicious superhuman’ logins, which are defined by multiple login attempts in a short span of time from locations scattered across the globe. For instance, you might see one login attempt made in South America with another, a few seconds later, in Asia, and so on.
Rajiv Gupta, the Senior Vice President For Cloud Security at McAfee, had this to say about the company’s findings:
“The risk of threat actors targeting the cloud far outweighs the risk brought on by changes in employee behavior.”
The good news is that there’s a relatively simple way for organizations to reduce the risk to near-zero. Simply enable two-factor authentication and the vast majority of these types of attacks will be doomed to fail.
The bottom line is that the risks are increasing and that’s not likely to change anytime soon. Stay on your guard and make sure your people are aware. Phishing scams are the most common means of gaining access to login credentials.