Cloud Account Hijacking

Table of Contents

Cloud account hijacking is a process in which an individual or organization’s cloud account is stolen or hijacked by an attacker. Cloud account hijacking is a common tactic in identity theft schemes in which the attacker uses the stolen account information to conduct the malicious or unauthorized activity. When cloud account hijacking occurs, an attacker typically uses a compromised email account or other credentials to impersonate the account owner.

While cloud computing carries with it a wealth of benefits to organizations, including reduced capital costs and on-demand resources, it also provides cybercriminals with an environment ripe for attack, since huge amounts of data are housed in one place. Because the data is stored and accessed on devices and resources often shared across many different users, the risks presented by cloud account hijacking are plentiful.

CLOUD HIJACKING RISKS

In a recent survey, 69 percent of North American IT professionals shared their belief that the risks of using cloud-based services outweighed the benefits. The main reason they cited was a concern for data security. Similarly, in a 2013 report, the Cloud Security Alliance identified service traffic hijacking as the third-greatest cloud computing security risk. These types of security breaches occur when attackers hijack cloud accounts by stealing security credentials and eavesdropping on activities and transactions. Attackers manipulate data, insert false information, and redirect clients to illegitimate sites.

Cloud account hijacking at the enterprise level can be particularly devastating, depending on what the attackers do with the information. Company integrity and reputations can be destroyed, and confidential data can be leaked or falsified causing significant costs to businesses or their customers. Legal implications are also possible for companies and organizations in highly regulated industries, such as healthcare, if clients’ or patients’ confidential data is exposed during cloud account hijacking incidents.

BE PROACTIVE WHEN SELECTING CLOUD SERVICE PROVIDERS

Businesses also should take proactive steps when choosing cloud service providers. One such step is to carefully review potential contracts and compare the cloud security and data-integrity systems of cloud service providers. Companies should also take a data-driven approach when evaluating potential cloud service providers, including considering the number of data loss or interference incidents a cloud service has experienced. You should know how often the cloud service provider experiences downtime and how the service provider monitors and manages vulnerabilities. Companies should choose cloud service providers that allow clients to audit the providers’ performance in these areas.

SIMPLE SOLUTIONS FOR CLOUD ACCOUNT HIJACKING PROTECTION

There are simple, effective steps businesses and organizations can take to keep their data secure on the cloud.

Be sure to:

Check with your service provider to make sure they have conducted background checks on employees who have physical access to the servers in their data centers.
Have a strong method of authentication for cloud app users.
Make sure all of your data is securely backed up if your data is lost in the cloud.
Restrict the IP addresses allowed to access cloud applications. Some cloud apps provide tools to specify allowable IP ranges, forcing users to access the application only through corporate networks or VPNs.
Require multi-factor authentication. Several tools exist that require users to enter static passwords as well as dynamic one-time passwords, which can be delivered via SMS, hardware tokens, biometrics, or other schemes.
Encrypt sensitive data before it goes to the cloud.