Account Hijacks Affect Everybody, Even ‘Top Dogs’

Being “cool and smart” was the name of the game when we were at school, and it seems nothing really changes as we get older. With the ‘cool factor’ among IT professionals translating into the adoption of modern IT technology, it’s not surprising that today’s businesses are being pushed ever faster towards the cloud.

But of course there are other good reasons why 70% of companies (Gartner 2016) are already moving their IT infrastructure closer to the stars with cloud services. Whether it be data storage and servers or the increasing use of SaaS products, cloud computing allows businesses much greater agility and enables them to deliver applications at a fraction of the cost and time.

This is the modern world of IT. As budgets continue to be squeezed, the ‘Try Before You Buy’ model that cloud services offer, along with the option to stop a subscription, is often irresistible to cost-conscious companies. Integration is also usually instant and requires next to zero downtime, if any at all.

However, like the school days, being cool also meant your ‘Top Dog’ status was vulnerable to competitors or enemies. So too is it the case with the use of cloud computing. As a result, it is crucial that those who adopt the latest tools are aware of their weaknesses.

The main security challenges of cloud services are:

They Are Externally Exposed – Cloud services can typically be accessed from any location and any device; all that is required is an internet connection. While easy access can be an advantage for agile companies, the result is that services which run in the cloud are also more exposed to breach attempts than on-premises services that remain behind the perimeter.

They Only Come With Default Security – Typically cloud services are provided with some basic security in place, security that still allows unrestricted open internet file sharing and the propagation of malware through file sharing.

As a result of these security challenges, there are three main attack vectors to which cloud services expose organizations. The first is ‘Account Hijacks’, that is, gaining unauthorized access to an individual’s or organization’s email or computer account for malicious purposes. According to a recent Check Point survey, Account Hijacks were the biggest concern amongst customers and partners. The second is ‘Malware Delivery’ and propagation, especially through in-app file sharing services such as the Box or OneDrive cloud apps, in order to commit a variety of cyber-crimes. And finally, ‘Data Leaks’, which occur so easily, either intentionally or unintentionally, due to the seamlessness of sharing information when using cloud services.

Indeed, due to these security challenges of the cloud, the Check Point Incident Response team is seeing security breaches of cloud services, both SaaS and IaaS, become increasingly common. A recent case saw customers of a North American financial services company transfer funds to a bogus foreign bank account set up by cyber-criminals. Through a phishing attack, the criminals had managed to compromise a company employee’s Office 365 account and send emails to customers posing as an official accounting representative in order to carry out the theft. Several million dollars were transferred before the breach was discovered.

But you don’t have to be working in an Incident Response team to notice this problem. On an almost daily basis the news headlines tell a similar story. Last month, Deloitte, one of the world’s largest accountancy firms, was the victim of a cyber-attack that went unnoticed for months and affected six of its clients. It is strongly believed that the hackers breached an administrator account of Deloitte’s email system, which was stored in the Azure cloud.

Attacks have also reached national government levels. Earlier this year, 90 email accounts of members of the UK Parliament, including the Prime Minister’s, were hacked. The response by the UK government’s digital team was to shut down access to email for all those affected in order to avoid any potential blackmail attempts the hackers could have carried out.

As the above examples show, whether financial, informational or reputational, the overall effect on victims of these types of attacks is huge. And what they all have in common is their direct connection with the vulnerabilities of the cloud.

Often the solutions to these security challenges currently available are not good enough. They are cumbersome, create larger cost overheads for IT departments and are usually incomplete and inefficient. Evidence of this, as we have seen, is the high, and increasing, number of breaches occurring worldwide and at every level, even including enterprises that invest heavily in security services and products.

The good news, though, is that Account Hijacks can be prevented. So just as you were able to be the coolest kid at the school prom, you can also still be the coolest and most modern IT hero in your organization.

In the next article in this series we will be looking at some of the methods used in Account Hijacks.