News Hub

Hackers ramp up enterprise cloud attacks as workforces go remote

Written by Wed 27 May 2020

Attacks on cloud accounts grew by 630 percent between January to April

Enterprise cloud accounts have faced an onslaught of cyber attacks in recent months as organisations step up their use of cloud services and collaboration tools.

That’s according to the latest cloud security research from McAfee, which analysed data from its 30 million global McAfee MVISION Cloud users between January and April.

The cyber security company revealed threat events from external actors targeting cloud services increased by 630 percent over the period as hackers attempted to infiltrate cloud accounts with stolen credentials on an unprecendented scale.

“While we are seeing a tremendous amount of courage and global goodwill to overcome the COVID-19 pandemic, we also are unfortunately seeing an increase in bad actors looking to exploit the sudden uptick in cloud adoption created by an increase in working from home,” said Rajiv Gupta, senior vice president, Cloud Security, McAfee.

Writing in Cloud Adoption and Risk Report: Work From Home Edition, McAfee said Microsoft 365 is facing the greatest concentration of external threats, while the transportation and logistics, education and government verticals saw the largest increase in attacks against their cloud accounts.

Transportation and logistical companies saw a 1,350 percent increase in cloud-based attacks, while the education sector experienced a 1114 percent rise and governments a 773 percent uptick.

Although Financial Services suffered the fifth highest increase in attack volume, it still remains the most targeted vertical, with McAfee recording 837 million cloud attacks against the sector between January and April.

Based on a source IP analysis, McAfee said the majority of attacks were launched in Thailand, followed by USA and China. None of the attacks detected appeared to originate in Europe, with McAfee suggesting that Europe’s GDPR regulation was a key factor in the disparity.

The cyber security company said the main challenge for enterprises was to create a security posture compatible with employees’ tendency to circumvent traditional VPN protections when accessing cloud services.

“Modern applications like Microsoft 365 are delivered directly through the cloud, yet many organisations still use a hub-and-spoke network architecture to route cloud traffic through security appliances in their data center,” reads the report. “In reality, employees will do whatever is fastest and easiest. They will turn off their VPN and access applications in the cloud directly.”

Accordingly, McAfee recommended enterprises implement cloud-based secure web gateways, create lists of sanctioned MFA-enabled cloud services that employees can access without a VPN, and only provide “conditional” access to sensitive data in the cloud.

“Mitigating this risk requires cloud-native security solutions that can detect and prevent external attacks and data loss from the cloud and from the use of unmanaged devices,” Gupta explaned.

“Cloud-native security has to be deployed and managed remotely and can’t add any friction to employees whose work from home is essential to the health of their organization,” he added.

Written by Wed 27 May 2020


cloud security Coronavirus Remote Working
Send us a correction Send us a news tip