Enterprise clouds have become the new bullseye of cyber hackers determined to exploit the distraction caused by the coronavirus pandemic.
According to McAfee, external attacks to cloud accounts increased by 630 per cent as hackers from China, Russia and Iran target enterprises’ fragmented security frameworks caused by a mass office exodus.
The biggest concentration of these attempts fell on services like Microsoft 365, mostly targeting sectors such as transportation and logistics, education and government.
The report, which assessed 30 million McAfee MVision cloud users, claimed use of cloud services increased by 50 percent during the four-month period, including from industries such as manufacturing and financial services that typically rely on legacy on-premises applications.
As an example, the financial services sector increased usage of collaboration services such as Microsoft 365 by 123 per cent, while also seeing an increase in use of business services such as Salesforce by 61 per cent.
Meanwhile, usage of collaboration tools such as Zoom, Cisco Webex, Microsoft Teams and Slack soared by 630 per cent on average in the same period.
Broken down, Cisco Webex gained the biggest upsurge with a rise in 600 per cent, followed by Zoom with a 350 per cent increase.
Microsoft Teams at the same time gained a rise of 300 per cent in user numbers, according to McAfee, while Slack’s grew by 200 per cent.
However, these tools, plus unmanned devices, have largely become targets for access attempts using stolen credentials in so-called “spray attacks”.
According to the report, organisations use to using a VPN infrastructure are now struggling to fend off this upsurge in attacks as their workforces fragment.
“Modern applications like Microsoft 365 are delivered directly through the cloud, yet many
organisations still use a hub-and-spoke network architecture to route cloud traffic through security appliances in their data centre,” it explained.
“In reality, employees will do whatever is easiest and fastest. They will turn off their VPN and access applications in the cloud directly.”
The report described the work-from-home guidelines as “putting to rest archaic models” of connecting into a corporate network through a VPN before going to SaaS, PaaS, or IaaS.
As such it advised organisations to implement a cloud-based secure web gateway that does not require VPN and using a cloud access security broker (CASB).
Other recommendations include setting multi-factor authentication and letting employees use their personal devices to access corporate SaaS applications with conditional access to sensitive data in the cloud.