Cloud security: 'Suspicious superhumans' behind rise in attacks on online services

As more people work remotely, hackers are trying to gain access to cloud-based services.

Cloud-based apps are a new entry point for hackers, attacks increased by 630%

Cyberattacks targeting corporate cloud services have increased significantly in the last few months as cyber criminals look to exploit the rise in remote working to gain access to corporate accounts.

The coronavirus pandemic and resulting social-distancing measures have forced organisations and employees to adapt to working from home with the aid of cloud-based collaboration tools.

But the rise in use of these services – which allow users to login and gain access to corporate resources remotely – has also led to a spike in hackers looking to take advantage of their increasing popularity in order to steal login credentials, sensitive information and other data.

SEE: Coronavirus: Effective strategies and tools for remote work during a pandemic

A new report by cybersecurity company McAfee reveals that the number of remote attacks targeting cloud services increased by 630 percent between January and April this year. The figures in the Cloud Adoption & Risk Report are based on data from 30 million McAfee users around the world.

While some corporate login credentials could potentially be bought from underground forums, in many cases, these attempts at hacking cloud accounts will be based around brute-force attacks, with cyber criminals attempting common or simple passwords in an effort to gain access.

The attacks come in two broad categories; the first is excessive usage from an anomalous location, where the login attempts come from a location that hasn't been previously used and isn't familiar to the organisation. The nature of the cloud means that attackers can make login attempts from anywhere.

The second category is what researchers call 'suspicious superhuman', which involves multiple login attempts in a short amount of time from geographically disparate locations that it's impossible for an individual to travel between in a short amount of time.

For example, a user could be seen to login to one app from Asia, but then sign into another a few minutes later from a location in North America. 

SEE: Cybersecurity: Let's get tactical (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)  

However, because of the spike in the use of cloud services, it might not always be immediately obvious to security teams that something suspicious has happened, especially if they're responsible for monitoring thousands of accounts at a large organisation.

"While we are seeing a tremendous amount of courage and global goodwill to overcome the COVID-19 pandemic, we also are unfortunately seeing an increase in bad actors looking to exploit the sudden uptick in cloud adoption created by an increase in working from home," said Rajiv Gupta, senior vice president for cloud security at McAfee.

"The risk of threat actors targeting the cloud far outweighs the risk brought on by changes in employee behaviour," he added.

While the rise in remote working and attackers looking to exploit it does create potential security problems, organisations can manage the risk relatively simply. One way of achieving this is via the use of multi-factor authentication, so if an attacker does successfully enter the right login credentials, there's an additional barrier stopping them from gaining access to an account.

MORE ON CYBERSECURITY