Cybersecurity attacks on Cloud

Cybersecurity attacks on Cloud-based user accounts spiked 300 percent in 2017 compared to the same period last year, according to latest edition of Microsoft’s Security Intelligence Report.

Heading the list of vulnerabilities are all the usual suspects: Weak, guessable passwords, and poor password management, followed by targeted phishing attacks and breaches of third-party services.

Here are six additional top-level findings from the report:

  • As organizations increasingly migrate to the cloud, there is growing frequency and sophistication of attacks on consumer and enterprise accounts in the cloud.
  • The number of account sign-ins attempted from malicious IP addresses increased 44 percent year-over-year in Q1 2017.

Weaponizing Cloud?

Customers are moving to Cloud and so are the attackers. Cloud services are prime targets. “In a cloud weaponization threat scenario, an attacker establishes a foothold within a cloud infrastructure by compromising and taking control of one or more virtual machines,” the report says. The attacker then launches attacks, including brute force and spam campaigns, against other virtual machines.

  • More than 89 percent of the malicious IPs were located in China, followed by the United States at 4.2 percent.
  • More than two-thirds of incoming attacks on Microsoft Cloud came from IP addresses in China (35%) and the United States (33%).
  • Ransomware encounter rates were highest in Europe compared to the rest of the world. For example, encounter rates in the Czech Republic, Italy, Hungary, Spain, Romania, Croatia, and Greece were higher than the worldwide average. Encounter rates are the lowest in Japan, China, and the United States in Q1 2017.

Are your Cloud applications and data well-guarded?

  • Check with your security team to see that the company’s security perimeter includes Cloud servers and storages. Safeguarding your data is still your responsibility.
  • Make sure your company’s infrastructure is compliant with the best practices, and your workforce understands today’s cyber challenges.
  • Security is not a hindrance; can be business enabler when done right.
  • Ascent InfoSec offers complimentary network security assessments. Call to see if you qualify.