Cloud

A Hacker’s Perspective: How Easy it is to Steal Data Through Consumer Cloud Services

As more people want to work from home, businesses discover the benefits associated with consumer cloud services. Things like easy access regardless of location, lower costs, more available space, faster servers, and good organizational structure are extremely tempting to business owners and network managers everywhere. 

However, there’s also a dark side of the coin – cybersecurity. While most cloud services have good security measures in place, users can still mess things up and allow unwanted access in their space. This leads to data breaches and leaks of confidential information that can damage a business’s reputation (maybe for good).  

But it doesn’t have to be this way. As long as you are aware of the system’s weakness, you can take preventive measures. As such, we thought to discuss this situation from a hacker’s perspective – if we were to attack a cloud service, how would we go about it?

Phishing

It’s the oldest trick in the book, but it still works incredibly well! According to APWG’s Phishing Activity Trends Report for Q2 2020, in the first half of the year, there were over 146,000 phishing sites and 78% of them were using SSL protection!

Furthermore, ill-intended actors are still using phishing methods to attack webmail and Software-as-a- Service (SaaS) users. 

The practice is simple – attackers send users emails that look official (coming from the WHO or a higher up) and embed a malicious link that leads to a similar looking login page for the cloud service they use. Here, the user enters their credentials (thinking it’s the official page) which are then sent to the attacker.

The best way to stay safe from this practice is to use two-factor authentication (2FA) in combination with secure remote web access that allows you to store files in a secure location (while also allowing sharing options).  

Remote Workers’ Personal Devices

Today’s employee wants more flexibility at the workplace, which is what started the “work from home” trend. While this can be a win-win situation, for both employee and employer, it still comes with some risks. 

Cybersecurity is one of these risks. 

Unless you understand the risks of cybersecurity breaches or work in the field, you won’t care that much about personal devices and their (cyber)health. In fact, many personal devices use out-of-date software, free versions, and lack even basic security measures. 

This opens the door wide open and allows hackers to snoop around due to a wide range of factors, including producer vulnerabilities that were not discovered on time. 

The best way to stay safe in this case is to provide workers with secure devices (laptops, tablets, smartphones) and secure communication channels. Also, make sure they understand why they can’t use personal devices to connect to your network or work devices for personal issues. 

Wrap Up

When it comes to cybersecurity, human resource is the weakest link. That’s why simple attacks such as phishing are still highly effective. You can have state-of-the-art security, but if your employees can be easily tricked into giving the keys away, your system won’t work. 

In conclusion, the best way to stay safe on the cloud is to choose a well-designed platform and train your employees on the topic of cybersecurity. 

PricillaWhite

Recent Posts

Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges in Organizational Environments

A startling discovery by BeyondTrust researchers has unveiled a critical vulnerability in Microsoft Entra ID…

1 day ago

Threat Actors Exploit Google Apps Script to Host Phishing Sites

The Cofense Phishing Defense Center has uncovered a highly strategic phishing campaign that leverages Google…

1 day ago

Dadsec Hacker Group Uses Tycoon2FA Infrastructure to Steal Office365 Credentials

Cybersecurity researchers from Trustwave’s Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated by…

1 day ago

Beware: Weaponized AI Tool Installers Infect Devices with Ransomware

Cisco Talos has uncovered a series of malicious threats masquerading as legitimate AI tool installers,…

1 day ago

Pure Crypter Uses Multiple Evasion Methods to Bypass Windows 11 24H2 Security Features

Pure Crypter, a well-known malware-as-a-service (MaaS) loader, has been recognized as a crucial tool for…

1 day ago

Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges

A recent discovery by security researchers at BeyondTrust has revealed a critical, yet by-design, security…

1 day ago