Use of cloud collaboration tools surges and so do attacks


Top sources for external attacks against enterprise cloud accounts by IP address location have been in Thailand and Vietnam among other nations

Credit: Dreamstime

The Covid-19 pandemic has pushed companies to adapt to new government-mandated restrictions on workforce movement around the world.

The immediate response has been rapid adoption and integration of cloud services, particularly cloud-based collaboration tools such as Microsoft Office 365, Slack and videoconferencing platforms. A new report by security firm McAfee shows that hackers are responding to this with increased focus on abusing cloud account credentials.

After analysing cloud usage data that was collected between January and April from over 30 million enterprise users of its MVISION Cloud security monitoring platform, the company estimates a 50 per cent growth in the adoption of cloud services across all industries.

Some industries, however, saw a much bigger spike, for example manufacturing with 144 per cent and education with 114 per cent.

The use rate of certain collaboration and videoconferencing tools has been particularly high. Cisco Webex usage has increased by 600 per cent, Zoom by 350 per cent, Microsoft Teams by 300 per cent and Slack by 200 per cent. Again, manufacturing and education ranked at the top.

While this rise in the adoption of cloud services is understandable and, some would argue, a good thing for productivity in light of the forced work-from-home situation, it has also introduced security risks. McAfee's data shows that traffic from unmanaged devices to enterprise cloud accounts doubled.

"There's no way to recover sensitive data from an unmanaged device, so this increased access could result in data loss events if security teams aren't controlling cloud access by device type."

Cloud threats increased

Attackers have taken notice of this rapid adoption of cloud services and are trying to exploit the situation. According to McAfee, the number of external threats targeting cloud services increased by 630 per cent over the same period, with the greatest concentration on collaboration platforms.

For its report, the company split suspicious login attempts and access into two categories: excessive usage from anomalous location and suspicious superhuman. Both have seen a similar surge and growth pattern over the time period analysed.

Excessive usage from anomalous location: This category is for successful logins from locations that are unusual given the organisation's profile, followed by the user accessing large quantities of data or performing a high number of privileged tasks.

Suspicious superhuman: This category is for logins by the same user from two geographically distant locations over a short period of time, for example if the same user logs into one service from one country and then minutes later accesses a service while using an IP address from a different country.
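
The "suspicious superhuman" check described above can be sketched as an implied-travel-speed test over login events. This is an added example, not McAfee's detection logic: the `Login` record, the speed and distance thresholds and the sample events are all assumptions, and each event is assumed to have already been geolocated from its source IP.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 1000.0  # assumed ceiling: roughly airliner cruising speed

@dataclass
class Login:
    user: str
    when: datetime
    country: str
    lat: float
    lon: float

def haversine_km(a: Login, b: Login) -> float:
    """Great-circle distance between two login locations in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def superhuman_logins(events, max_kmh=MAX_KMH, min_km=100.0):
    """Return (previous, current, km, kmh) for each consecutive pair of
    logins by one user that implies travel faster than max_kmh."""
    alerts, last = [], {}
    for ev in sorted(events, key=lambda e: e.when):
        prev = last.get(ev.user)
        last[ev.user] = ev
        if prev is None:
            continue
        km = haversine_km(prev, ev)
        if km < min_km:  # assumed floor: below this, geo-IP error dominates
            continue
        hours = (ev.when - prev.when).total_seconds() / 3600
        kmh = km / hours if hours > 0 else float("inf")
        if kmh > max_kmh:
            alerts.append((prev, ev, round(km), kmh))
    return alerts

# Constructed sample events (user names, times and coordinates are invented).
SAMPLE = [
    Login("alice", datetime(2020, 4, 1, 9, 0), "NZ", -36.85, 174.76),
    Login("bob", datetime(2020, 4, 1, 9, 5), "NZ", -41.29, 174.78),
    Login("alice", datetime(2020, 4, 1, 9, 12), "TH", 13.75, 100.50),
    Login("bob", datetime(2020, 4, 1, 17, 0), "NZ", -36.85, 174.76),
]

if __name__ == "__main__":
    for prev, cur, km, kmh in superhuman_logins(SAMPLE):
        print(f"{cur.user}: {prev.country} -> {cur.country}, {km} km at {kmh:.0f} km/h")
```

Corporate VPN egress points and mobile carrier gateways make a user appear to jump between locations, so known egress ranges should be excluded before events reach a check like this.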

Transportation and logistics, education and government institutions have seen the largest increases in threat events detected in their cloud accounts. For transportation and logistics, the rise in threats was as high as 1,350 per cent, followed by education with 1,114 per cent, government with 773 per cent, manufacturing with 679 per cent, financial services with 571 per cent and energy with 472 per cent.

The top ten sources for external attacks against enterprise cloud accounts by IP address location have been Thailand, USA, China, India, Brazil, Russia, Laos, Mexico, New Caledonia and Vietnam.

"Many of these attacks are likely opportunistic, essentially 'spraying' cloud accounts with access attempts using stolen credentials," the McAfee researchers said. "However, several prominent industries are often targeted by external threat actors--in particular, financial services. These targeted attacks are often found to have a source in either China, Iran or Russia."

Credential stuffing attacks on the rise

The frequency of credential stuffing attacks, where criminals use lists of leaked or stolen username and password combinations to gain access to accounts, has grown significantly in recent years. The credentials used often come from third-party data breaches, and the attackers attempt to exploit the bad but still common practice of password reuse.

In a report released this year, security and content delivery company Akamai revealed that it observed 85.4 billion credential abuse attacks against organizations worldwide between December 2017 and November 2019. Of those, 473 million attacks targeted the financial sector.

To better protect their employees' cloud accounts and prevent unauthorised access, McAfee recommends that companies implement a cloud-based secure gateway so employees don't need to route their traffic through a VPN or use a cloud access security broker platform with strict policies for device checks and data controls.

If employees need to use their personal devices to access corporate SaaS applications, conditional access should be placed on sensitive data.

