Data Security Knowledge Base
What is Cloud Account Hijacking?
A Definition of Cloud Account Hijacking
Cloud account hijacking is a process in which an individual or organization’s cloud account is stolen or hijacked by an attacker. Cloud account hijacking is a common tactic in identity theft schemes in which the attacker uses the stolen account information to conduct malicious or unauthorized activity. When cloud account hijacking occurs, an attacker typically uses a compromised email account or other credentials to impersonate the account owner.
While cloud computing carries with it a wealth of benefits to organizations, including reduced capital costs and on-demand resources, it also provides cyber criminals with an environment ripe for attack, since huge amounts of data are housed in one place. Because the data is stored and accessed on devices and resources often shared across many different users, the risks presented by cloud account hijacking are plentiful.
Cloud Hijacking Risks
In a recent survey, 69 percent of North American IT professionals shared their belief that the risks of using cloud-based services outweighed the benefits. The main reason they cited was a concern for data security. Similarly, in a 2013 report, the Cloud Security Alliance identified service traffic hijacking as the third-greatest cloud computing security risk. These types of security breaches occur when attackers hijack cloud accounts by stealing security credentials and eavesdropping on activities and transactions. Attackers manipulate data, insert false information, and redirect clients to illegitimate sites.
Cloud account hijacking at the enterprise level can be particularly devastating, depending on what the attackers do with the information. Company integrity and reputations can be destroyed, and confidential data can be leaked or falsified causing significant cost to businesses or their customers. Legal implications are also possible for companies and organizations in highly regulated industries, such as healthcare, if clients’ or patients’ confidential data is exposed during cloud account hijacking incidents.
Be Proactive When Selecting Cloud Service Providers
Businesses also should take proactive steps when choosing cloud service providers. One such step is to carefully review potential contracts and compare the cloud security and data-integrity systems of cloud service providers. Companies should also take a data-driven approach when evaluating potential cloud service providers, including considering the number of data loss or interference incidents a cloud service has experienced. You should know how often the cloud service provider experiences downtime and how the service provider monitors and manages vulnerabilities. Companies should choose cloud service providers that allow clients to audit the providers’ performance in these areas.
Simple Solutions for Cloud Account Hijacking Protection
There are simple, effective steps businesses and organizations can take to keep their data secure on the cloud. Be sure to:
- Check with your service provider to make sure they have conducted background checks on employees who have physical access to the servers in their data centers.
- Have a strong method of authentication for cloud app users.
- Make sure all of your data is securely backed up in the event that your data is lost in the cloud.
- Restrict the IP addresses allowed to access cloud applications. Some cloud apps provide tools to specify allowable IP ranges, forcing users to access the application only through corporate networks or VPNs.
- Require multi-factor authentication. Several tools exist that require users to enter static passwords as well as dynamic one-time passwords, which can be delivered via SMS, hardware tokens, biometrics, or other schemes.
- Encrypt sensitive data before it goes to the cloud.
More Secure Solutions for Cloud Account Hijacking Defense
For bolstered data theft protection, companies should choose security platforms that extend to the cloud and mobile. These types of data security platforms should include cloud security capabilities such as end-to-end encryption, application control, continuous data monitoring, and the ability to control or block risky data activity based on behavioral and contextual factors involving the user, event, and data access type. This data-aware and comprehensive approach enables organizations to effectively manage cloud security risks while capitalizing on the benefits offered by cloud computing.