Phishing Leads As Cloud Intrusion Method For Threat Actors

Hackers use phishing to con people into giving up their credentials. Once they have this access, they can move deeper into cloud systems, putting sensitive information at risk.

Phishing Is The Top Way Hackers Access Cloud Systems

According to IBM X-Force’s recent Cloud Threat Landscape Report, phishing is the most common way hackers gain access to cloud systems. Their findings echo what many cybersecurity experts have observed about the widespread nature and effects of phishing.

Phishing attacks are tactics that cybercriminals use to deceive and manipulate you into revealing your login information, such as usernames and passwords. These attacks are especially dangerous in cloud environments, where your data is stored online.

Credential Abuse & Vulnerabilities

During the past two years, valid credentials were responsible for 28% of all cloud-related incidents. This means that hackers often gain access to systems simply by using stolen login information.

In addition, exploited vulnerabilities in publicly accessible applications ranked as the third most common method for initial access, appearing in 22% of cloud intrusions, according to the IBM X-Force report.

IBM X-Force also stated that in 40% of their incident response engagements, attackers abused cloud-hosted Active Directory servers to carry out business email compromise (BEC) attacks. This makes it the most frequent method used by hackers to exploit organizations.

Cloud Storage Services Are A New Way for Hackers to Distribute Malware

According to the report, cybercriminals are increasingly using cloud-based file hosting services like Dropbox, OneDrive, and Google Drive to spread malware that looks legitimate. X-Force has noted several malware campaigns, including two from North Korean state-sponsored groups:

  • APT43 is using Dropbox to carry out a multi-stage attack involving malware called TutorialRAT.
  • APT37 is running a phishing campaign that uses OneDrive to distribute RokRAT malware.

Another campaign involves email spam that uses OneDrive to host and spread Bumblebee malware.

These campaigns take advantage of the trust people have in public cloud services. As a result, unsuspecting users may unknowingly download harmful software. You need to be cautious when interacting with files from these services and ensure you have robust security measures in place to protect your devices and data.

Why People Matter Most In Cybersecurity

The main issue is that people often represent the weakest link in the security chain. When cybercriminals successfully steal credentials, they gain access to sensitive information and systems.

To combat this, there’s a whole industry focused on training professionals to be cautious. They teach you to think twice before clicking on links in emails or text messages that lead to login pages asking for your credentials. Despite these efforts, phishing remains the leading method for compromising accounts year after year.

Ultimately, it’s up to organizations to protect their systems from these attacks. This means investing in training, security measures, and ongoing awareness to help everyone understand the risks and make safer choices online.

How MFA Can Help

The Cybersecurity and Infrastructure Security Agency (CISA) launched a “More Than a Password” campaign on social media to encourage multi-factor authentication (MFA) use, claiming it makes organizations and individuals 99% less likely to be hacked.

The National Institute of Standards and Technology (NIST) also recommends that all organizations use MFA. In its “Digital Identity Guidelines,” NIST outlines three levels of MFA:

  • Level 1: Authenticators linked to a user’s account
  • Level 2: Adds cryptographic methods
  • Level 3: Requires physical keys with cryptographic security

While cybersecurity experts agree that any form of MFA is better than single-factor logins, attacks still occur even in MFA-protected environments. For example, several employees of Twilio (a San Francisco-based cloud company) were duped into giving their login details to threat actors in a phishing attack, which the company called a “sophisticated social engineering attack” in a blog post.

To better defend against phishing attacks, there are advanced MFA options that rely on stronger, cryptographic methods like public and private keys, the Web Authentication API, biometrics, or FIDO2 standards, which make it hard for threat actors to mislead users. 

Using these tools can help add a stronger layer of protection to your accounts and systems, keeping attackers at bay more effectively.
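As an added illustration (not code from the IBM report or from 2Secure), the example below shows the server-side checks that make a Web Authentication API / FIDO2 sign-in hard to phish: the browser records the page's origin in the client data, so an assertion collected on a look-alike domain is rejected. The domain names, function names and sample data are assumptions constructed for the example, and it covers the origin, challenge and relying-party ID checks only; verifying the signature is a separate step.

```python
import base64
import hashlib
import hmac
import json

RP_ID = "login.example.com"                    # assumed relying-party ID
EXPECTED_ORIGIN = "https://login.example.com"  # assumed legitimate sign-in origin

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def check_assertion(client_data_json: bytes, authenticator_data: bytes,
                    issued_challenge: bytes) -> str:
    """Return "ok" or the rejection reason. Signature verification is not shown."""
    try:
        client = json.loads(client_data_json)
        sent_challenge = b64url_decode(client["challenge"])
    except (ValueError, KeyError, TypeError):
        return "malformed clientDataJSON"
    if client.get("type") != "webauthn.get":
        return "wrong ceremony type"
    # The challenge is server-issued and single-use, so old assertions cannot be replayed.
    if not hmac.compare_digest(sent_challenge, issued_challenge):
        return "challenge mismatch"
    # The browser, not the page, fills in the origin; a look-alike site cannot forge it.
    if client.get("origin") != EXPECTED_ORIGIN:
        return "origin mismatch"
    if len(authenticator_data) < 37:  # rpIdHash(32) + flags(1) + signCount(4)
        return "authenticator data too short"
    expected_hash = hashlib.sha256(RP_ID.encode()).digest()
    if not hmac.compare_digest(authenticator_data[:32], expected_hash):
        return "rpIdHash mismatch"
    if not authenticator_data[32] & 0x01:  # bit 0 of flags = user present
        return "user presence flag not set"
    return "ok"

def constructed_sample(origin: str, rp_id: str, challenge: bytes):
    """Constructed test data: what a browser and authenticator emit for a page at `origin`."""
    encoded = base64.urlsafe_b64encode(challenge).rstrip(b"=").decode()
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": encoded, "origin": origin}).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (7).to_bytes(4, "big")
    return client_data, auth_data

if __name__ == "__main__":
    challenge = bytes(range(32))
    for origin, rp in [(EXPECTED_ORIGIN, RP_ID), ("https://login.example.org", "login.example.org")]:
        print(origin, "->", check_assertion(*constructed_sample(origin, rp, challenge), challenge))
```

A one-time code or push approval carries no such binding to the site the user is actually on, which is why those factors can still be relayed through a phishing page.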

2Secure Corp’s The Cybersecurity Insider podcast features a story about a client who fell victim to a phishing scam. The episode serves as a useful training tool to help prevent similar attacks in the future.

FAQ

What Is A Phishing Attack?

A phishing attack is when someone tries to scam you into giving out personal information, like passwords or credit card numbers. They often send fake emails or messages that look real, asking you to click a link or enter your details. Always double-check the sender to know if you’re being hoodwinked. 

How Can Phishing Affect A Company?

Phishing can seriously harm a company by stealing sensitive data, like customer information, third-party information, or financial details. Attackers may also use it to access company systems, leading to downtime, data loss, or even damaged reputation. Protecting against phishing helps keep your company safe and trusted.

What Can Businesses Do To Prevent Phishing Attacks?

The 2Secure team often recommends teaching employees how to identify, address, and steer clear of phishing emails. Train everyone to recognize suspicious links, attachments, apps, and messages asking for personal information. Also, use strong security tools, like MFA, to protect accounts. Regular training and clear guidelines help keep your business safe from phishing threats.

Source:

  1. IBM. (n.d.). X-Force Cloud Threat Landscape Report 2024. https://www.ibm.com/downloads/documents/us-en/10a99803d4afd20a