Businesses urged to be wary of hackers targeting digital platforms


Malicious hackers are targeting cloud-based tools such as emails, internal chat, or identity data management tools used by businesses to conduct day-to-day operations.


As companies adopt hybrid work models to keep up with the disruptions brought about by the Covid-19 pandemic, hackers are now shifting their focus to cloud technologies used by companies to ease file sharing and data storage.

According to cybersecurity firm CrowdStrike, malicious actors are targeting cloud-based tools such as emails, internal chat, or identity data management tools used by businesses to conduct day-to-day operations.

Examples of targeted email providers include Microsoft 365 or GSuite, as well as webmail services used by individuals. In the year 2021 alone, CrowdStrike notes that there was an 82 percent increase in ransomware-related data leaks.

“Criminal actors routinely host fake authentication pages to harvest legitimate authentication credentials for cloud services such as Microsoft Office 365, Okta or online webmail accounts. Actors then use these credentials to attempt to access victim accounts,” notes the study.

To avoid easy detection by antivirus products, the study notes that malicious actors are using legitimate credentials and built-in tools to infiltrate their targets' systems. This tactic can evade signature-based detections, because top-level domains of cloud hosting services are typically trusted by many network scanning services.

“Using legitimate cloud services, including chat applications, can enable adversaries to evade some security controls by blending into normal network traffic,” notes the study.

The study highlights that as organisations scramble to protect their data and interconnected systems in the face of incredibly sophisticated cyberattacks, hackers are also refining their craft to become even more sophisticated and undetectable.

“Hackers refined and amplified ransomware attacks that ripped across industries, sowing devastation and sounding alarm. These adversaries were able to circumvent actions that threatened cessation of their operations, and some even resorted to rebranding. For security teams already dealing with an ongoing skills shortage, these issues proved challenging enough on their own,” notes the study.

The hackers are also seeking to diversify their victim portfolio by adopting new tricks. For instance, a malicious actor may infiltrate a vulnerable server to destroy the trust between a cloud service provider and a client, and thereafter, knowing that a client will quickly move to another service provider, they move on to infiltrating the next cloud-service provider as well.

“Adversaries have leveraged cloud service providers to abuse provider trust relationships and gain access to additional targets through lateral movement from enterprise authentication assets hosted on cloud infrastructure,” notes the study.

As more people relied on mobile phones to transact, malicious actors also sought to diversify their victim portfolio by developing mobile malware, either to make money or collect sensitive information.

“Targeted intrusion adversaries are expected to continue to capitalise on trends in technology and the broader threat landscape throughout 2022 in attempts to maximise impacts while minimising effort,” notes the study.

The study notes that because cloud-based services now form crucial elements of many business processes, easing file sharing and collaboration, attacks on these same services by malicious actors are likely to continue into the foreseeable future as more businesses seek hybrid work environments.

Study recommends

To protect your organisation from these attacks, the study recommends securing all critical areas of your enterprise, including endpoints and cloud workloads, identity and data.

“Look for solutions that deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritised observability of vulnerabilities,” notes the study.

The study also recommends investing in security teams to increase the speed and agility in detecting, preventing or responding to potential cyberattacks.

“Speed often dictates success or failure. This is especially true in cybersecurity where stealthy breaches can occur in a matter of hours with devastating consequences,” notes the study.

To combat the continued threat of cyberattacks, the study also recommends that companies conduct in-house training on the use of new technologies because the end user remains a crucial link in the chain to stop breaches.

“The most common causes of cloud intrusions continue to be human errors such as omissions introduced during common administrative activities. It is important to set up new infrastructure with default patterns that make secure operations easy to adopt,” notes the study.

Whether a company or an individual user, the study notes that it is always important to adopt a zero-trust policy when it comes to sharing your data online.

“As adversaries want to monetise their activity, they target their victim’s data seeking payoffs through ransom and extortion, and will even auction data to the highest bidder. Because today’s global economy requires data to be accessible from anywhere at any time, it is critical to adopt a zero-trust model,” notes the study.