Cybercriminals targeting cloud services amid shift to remote working

The move to remote working spurred by the coronavirus pandemic has triggered a surge in the use of cloud services. Such virtual meeting and collaboration platforms as Microsoft 365, Microsoft Teams, Zoom, Cisco’s Webex, and Google Hangouts have all seen increased demand. But that trend has also made these services and their users more of an open target for cybercriminals looking to capture or exploit account credentials. The “Cloud Adoption and Risk Report” released Wednesday by McAfee shows how attackers are taking advantage of cloud services and what organizations can do to better protect themselves.

Based on cloud-usage data from 30 million McAfee MVISION cloud users between January and April 2020, the security provider found a 50% increase overall in the use of cloud services. Some of the largest gains have been seen with Webex, Zoom, Microsoft Teams, and Slack across such industries as manufacturing, education, real estate and construction, government, and financial services.

A rise in cloud access has also been observed from unmanaged devices, typically personal devices owned by the user and not approved or managed by IT.

SEE: Coronavirus: Critical IT policies and tools every business needs (TechRepublic Premium)

The volume of cyberthreats against cloud services has shot up by 630% since the start of the year, with the greatest focus on collaboration tools such as Microsoft 365. Many of the attacks are likely opportunistic, meaning they’re using stolen account credentials for password spraying campaigns. These threats fall into two types of categories as named by McAfee:

Excessive use from an anomalous location. In this instance, the access comes from a location not previously detected and atypical to the user’s organization. The attacker tries to access a high volume of data, in some cases using privileged accounts.
Suspicious superhuman. In this case, the login attempts come from multiple locations within a short period of time, covering distances that would be impossible to travel so quickly. As one example, the same user account tries to sign into Microsoft 365 in Singapore and then signs into Slack in California just five minutes later.

Cloud threat events across all industries.
Image: McAfee

Among targeted industries, transportation and logistics were hit by the largest increase in cyberthreats, followed by education, government, manufacturing, financial services, and then energy and utilities. Based on IP address, the top countries from which the attacks stem include Thailand, the US, China, India, Brazil, Russia, Laos, Mexico, New Caledonia, and Vietnam. The top ten are all outside of Europe, which as McAfee points out, is home to some of the tightest data protection laws in the world.

“The risk of threat actors targeting the cloud far outweighs the risk brought on by changes in employee behavior,” Rajiv Gupta, senior vice president of Cloud Security for McAfee, said in a press release. “Mitigating this risk requires cloud-native security solutions that can detect and prevent external attacks and data loss from the cloud and from the use of unmanaged devices. Cloud-native security has to be deployed and managed remotely and can’t add any friction to employees whose work from home is essential to the health of their organization.”

To help organizations rethink and tighten their cloud security, McAfee offers the following suggestions:

Think cloud-first. A cloud-centric security mindset can support the increase in cloud use and combat cloud-native threats. Enterprises need to shift their focus to data in the cloud and to cloud-native security services so they can maintain full visibility and control with a remote, distributed workforce.
Consider your network. Remote work reduces the ability of hub-and-spoke networking to work effectively with scale. Network controls should be cloud-delivered and should connect remote users directly to the cloud services they need.
Consolidate and reduce complexity. Cloud-delivered network security and cloud-native data security should smoothly interoperate, ideally being consolidated to reduce complexity and total cost of ownership and increase security effectiveness and responsiveness.
Implement a cloud-based secure web gateway so that corporate devices are protected against web-based threats without requiring routing through a VPN.
Allow employees to connect to sanctioned cloud services from their corporate devices without using their VPN by protecting data with a cloud access security broker (CASB).
Set the policy in your CASB so that cloud services have device checks and data controls and are protected from attackers who can access Software as a Service (SaaS) accounts over the internet.
Let employees use their personal devices to access corporate SaaS applications to maintain productivity, with conditional access to sensitive data in the cloud.

Image: Rick_Jo, Getty Images/iStockphoto

TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.

Payroll

The Best Human Resources Payroll Software of 2023

With a lot of choices in the market, we have highlighted the top six HR and payroll software options for 2023.

A computer running Windows 11. — Image: Microsoft.

Software

Windows 11 update brings Bing Chat into the taskbar

Microsoft's latest Windows 11 allows enterprises to control some of these new features, which also include Notepad, iPhone and Android news.

A software engineer works from home. — Image: tanatat/Adobe Stock

CXO

Tech jobs: No rush back to the office for software developers as salaries reach $180,000

Salaries for remote roles in software development were higher than location-bound jobs in 2022, Hired finds.

Project management process to manage and develop with resources to deliver quality product, agile development cycle, businessman project manager balance on clock juggling project management elements. — Image: Nuthawut/Adobe Stock

Software

The 10 best agile project management software for 2023

With so many agile project management software tools available, it can be overwhelming to find the best fit for you. We've compiled a list of 10 tools you can use to take advantage of agile within your organization.

A user typing a password. — Image: Song_about_summer/Adobe Stock

Security

1Password is looking to a password-free future. Here’s why

With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely.

PURPOSE This policy describes the organization’s employee privacy guidelines and outlines employee privacy expectations. From the policy: POLICY DETAILS The organization’s IT equipment, services and systems are intended for business use only. However, the organization acknowledges that staff, consultants and volunteers occasionally require opportunities to make or receive personal phone calls, access personal email, utilize ...

PURPOSE The purpose of this Security Response Policy from TechRepublic Premium is to outline the security incident response processes which must be followed. This policy will assist to identify and resolve information security incidents quickly and effectively, thus minimizing their business impact and reducing the risk of similar incidents recurring. It includes requirements for both ...

PURPOSE This policy from TechRepublic Premium provides guidelines for reliable and secure backups of end user data. It outlines the responsibilities of IT departments and employees to identify tasks and action items for each group. The policy can be customized to fit the needs of your organization. From the policy: IT STAFF RESPONSIBILITIES IT staff ...

Cybercriminals targeting cloud services amid shift to remote working