Attackers are increasingly hitting collaboration services such as Microsoft 365 to access cloud accounts with stolen credentials, says McAfee.
The move to remote working spurred by the pandemic has triggered a surge in the use of cloud services. Such virtual meeting and collaboration platforms as O365,Teams Zoom, Cisco’s Webex, and Google Hangouts have all seen increased demand. But that trend has also made these services and their users more of an open target for cybercriminals looking to capture or exploit account credentials. The “cloud adoption risk report” released Wednesday by McAfee shows how attackers are taking advantage of cloud services and what organizations can do to better protect themselves.
Based on cloud-usage data from 30 million McAfee MVISION cloud users between January and April 2020, the security provider found a 50% increase overall in the use of cloud services. Some of the largest gains have been seen with Webex, Zoom, Microsoft Teams, and Slack across such industries as manufacturing, education, real estate and construction, government, and financial services.
A rise in cloud access has also been observed from unmanaged devices, typically personal devices owned by the user and not approved or managed by IT.
The volume of cyberthreats against cloud services has shot up by 630% since the start of the year, with the greatest focus on collaboration tools such as Microsoft 365. Many of the attacks are likely opportunistic, meaning they’re using stolen account credentials for password spraying campaigns. These threats fall into two types of categories as named by McAfee:
1. Excessive logins from anomalous locations
2. Suspicious superhuman
Among targeted industries, transportation and logistics were hit by the largest increase in cyberthreats, followed by education, government, manufacturing, financial services, and then energy and utilities. Based on IP address, the top countries from which the attacks stem include Thailand, the US, China, India, Brazil, Russia, Laos, Mexico, New Caledonia, and Vietnam. The top ten are all outside of Europe, which as McAfee points out, is home to some of the tightest data protection laws in the world.
“The risk of threat actors targeting the cloud far outweighs the risk brought on by changes in employee behavior,” Rajiv Gupta, senior vice president of Cloud Security for McAfee, said in a press release. “Mitigating this risk requires cloud-native security solutions that can detect and prevent external attacks and data loss from the cloud and from the use of unmanaged devices. Cloud-native security has to be deployed and managed remotely and can’t add any friction to employees whose work from home is essential to the health of their organization.”
To help organizations rethink and tighten their cloud security, McAfee offers the following suggestions:
- Think cloud-first.
- Consider your network.
- Consolidate and reduce complexity
- Implement a cloud-based secure web gateway
- Allow employees to connect to sanctioned cloud services
- Set the policy in your CASB
- Let employees use their personal devices