A Hacker’s Perspective: How Easy it is to Steal Data Through Consumer Cloud Services

As more people want to work from home, businesses discover the benefits associated with consumer cloud services. Things like easy access regardless of location, lower costs, more available space, faster servers, and good organizational structure are extremely tempting to business owners and network managers everywhere. 

However, there’s also a dark side of the coin – cybersecurity. While most cloud services have good security measures in place, users can still mess things up and allow unwanted access in their space. This leads to data breaches and leaks of confidential information that can damage a business’s reputation (maybe for good).  

But it doesn’t have to be this way. As long as you are aware of the system’s weakness, you can take preventive measures. As such, we thought to discuss this situation from a hacker’s perspective – if we were to attack a cloud service, how would we go about it?

Phishing

It’s the oldest trick in the book, but it still works incredibly well! According to APWG’s Phishing Activity Trends Report for Q2 2020, in the first half of the year, there were over 146,000 phishing sites and 78% of them were using SSL protection!

Furthermore, ill-intended actors are still using phishing methods to attack webmail and Software-as-a- Service (SaaS) users. 

The practice is simple – attackers send users emails that look official (coming from the WHO or a higher up) and embed a malicious link that leads to a similar looking login page for the cloud service they use. Here, the user enters their credentials (thinking it’s the official page) which are then sent to the attacker.

The best way to stay safe from this practice is to use two-factor authentication (2FA) in combination with secure remote web access that allows you to store files in a secure location (while also allowing sharing options).  

Remote Workers’ Personal Devices

Today’s employee wants more flexibility at the workplace, which is what started the “work from home” trend. While this can be a win-win situation, for both employee and employer, it still comes with some risks. 

Cybersecurity is one of these risks. 

Unless you understand the risks of cybersecurity breaches or work in the field, you won’t care that much about personal devices and their (cyber)health. In fact, many personal devices use out-of-date software, free versions, and lack even basic security measures. 

This opens the door wide open and allows hackers to snoop around due to a wide range of factors, including producer vulnerabilities that were not discovered on time. 

The best way to stay safe in this case is to provide workers with secure devices (laptops, tablets, smartphones) and secure communication channels. Also, make sure they understand why they can’t use personal devices to connect to your network or work devices for personal issues. 

Wrap Up

When it comes to cybersecurity, human resource is the weakest link. That’s why simple attacks such as phishing are still highly effective. You can have state-of-the-art security, but if your employees can be easily tricked into giving the keys away, your system won’t work. 

In conclusion, the best way to stay safe on the cloud is to choose a well-designed platform and train your employees on the topic of cybersecurity. 

PKI-Security Engineer & security blogger at gbhackers.com. She is passionate about covering cybersecurity and Technology.

Leave a Reply