On every Black Friday, as with any global event shared across many countries, attackers wait in the shadows for the chance to attack unsuspecting people.
Cloud jacking, phishing and social engineering are all emerging as big cyber security threats in 2020 and certainly in 2021 and beyond, all because of companies’ and individuals’ dependence on cloud computing and remote working.
During COVID-19, we’ve seen scams around PPE and other relevant topics which people react to as they are curious and wish to be in the know about current events.
Cloud jacking, or cloud account hijacking, happens when a private or an organisation’s cloud account is taken, hijacked or appropriated by an attacker.
During COVID and Black Friday, cloud account hijacking is now a typical attack tactic in identity theft. The social engineering attacker adds the stolen account to their attack chain, using gathered information alongside a live account to conduct malicious or unauthorised activity.
These accounts could be PayPal, eBay, Amazon, Office 365 accounts – anything of use to the attacker which can be used to steal money or other credentials.
As we become more reliant on the cloud and services offered by providers, access to those services becomes a vital element in controlling these resources. Access control systems that provide substantial access control and multi-factor authentication (MFA) capabilities are commonplace. There’s no excuse not to use strong authentication personally and within the corporate environment. If it’s available, this defence is healthy and helps prevent cyber attackers from taking over accounts.
Case Study – Compromised Account
In October 2020, a midsize company called us for advice when one of its senior staff members wasn’t receiving email.
On close inspection, we discovered that this person’s Office 365 account had been compromised.
The attacker got access to the account and redirected the e-mail into a folder that the user did not know about.
The attacker logged in from Nigeria, then from Miami in the US, then from Ontario, and was constantly sending emails to over 1000 of the user’s contacts in an attempt to persuade them into a compromising situation as well.
After running PowerShell scripts and over eight hours of labour, the user’s mailbox and everyone else affected were sorted out and communicated with.
But the likelihood that some of the 1000+ people clicked on something is high, and thus the compromise chain lives on through the online web of connections.
If the user had been using MFA, this would have made things tons harder for the attacker.
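The PowerShell below is an added example, not the scripts used in this incident: it triages mailbox rules for the pattern in the case study, assuming the redirect into an unknown folder was implemented as an inbox rule. The function name, the folder list and the sample rules are constructed for illustration; `Get-InboxRule` is the Exchange Online cmdlet whose output it is meant to receive.

```powershell
# Added example. Live use with the ExchangeOnlineManagement module (placeholder mailbox):
#   Get-InboxRule -Mailbox 'user@example.com' | Find-SuspiciousInboxRule
function Find-SuspiciousInboxRule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Rule
    )
    begin {
        # Assumption: default folders a mailbox owner rarely opens.
        $quietFolders = 'RSS Feeds', 'RSS Subscriptions', 'Conversation History',
                        'Junk Email', 'Deleted Items', 'Archive'
    }
    process {
        $reasons = @()
        if ($Rule.ForwardTo -or $Rule.RedirectTo -or $Rule.ForwardAsAttachmentTo) {
            $reasons += 'forwards or redirects mail'
        }
        if ($Rule.DeleteMessage) { $reasons += 'deletes incoming mail' }
        if ($Rule.MoveToFolder) {
            $folder = [string]$Rule.MoveToFolder
            if ($quietFolders -contains $folder) { $reasons += "moves mail to '$folder'" }
            if ($Rule.MarkAsRead) { $reasons += 'moves mail and marks it as read' }
        }
        # Heuristic: near-empty names such as '.' are easy to overlook in the rules list.
        if (([string]$Rule.Name).Trim().Length -le 2) { $reasons += 'near-empty rule name' }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Name    = $Rule.Name
                Enabled = $Rule.Enabled
                Reasons = $reasons -join '; '
            }
        }
    }
}

# Constructed sample rules mimicking the properties Get-InboxRule returns.
$sampleRules = @(
    [pscustomobject]@{ Name = 'Newsletters'; Enabled = $true; MoveToFolder = 'Newsletters'
                       MarkAsRead = $false; DeleteMessage = $false; ForwardTo = $null }
    [pscustomobject]@{ Name = '.'; Enabled = $true; MoveToFolder = 'RSS Feeds'
                       MarkAsRead = $true; DeleteMessage = $false; ForwardTo = $null }
)
$sampleRules | Find-SuspiciousInboxRule | Format-List
```

Only the second sample rule is reported. A flagged rule should be reviewed with the mailbox owner before it is switched off with `Disable-InboxRule`.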
Limit The Possibility of Cloud Jacking this Black Friday
The cloud jacking attack method will be prevalent during Black Friday because the lure of deals will get us all clicking.
It’s so competitive within the hacker community that some hackers even resort to ‘malvertising’ – they buy legitimate adverts to advertise to people during global events such as Black Friday to entice them to click their malicious links.
Why Do People Still Not Use Multi-Factor Authentication?
The main reason for the low adoption of multi-factor authentication (MFA) in 2020 remains a poor understanding of the protection it provides and, therefore, of the need for this defence on all the applications and devices that we use.
The essential fact is, if you have a username and password/PIN, then that ought to be followed with a further factor of authentication.
Use a combination of something you’ve got – a device, tool or token plus something you know like a date and a password plus something you are, like a fingerprint or facial scan. All three – the ‘got’ + the ‘know’ + the ‘are’ – together result in strong authentication.
It would be best if this authentication were continuous. Once the first check has been done to authenticate you and allow you through the gate, ongoing checks must keep happening to ensure that you are still the one that was identified that first time.
Continuous Authentication
The industry is evolving to adapt to continuous authentication to defend against the next level of attack – session hijacking.
Companies like 8sense are exploring contextual, continuous authentication, which will detect whether the authorised person is in front of the console, app, device and platform, plus behavioural elements to detect cameras taking photos of data once authenticated.
This Black Friday, cyber criminals will use cloud jacking to trick users, admins and C-levels in order to gain access to cloud resources through the hijacking of accounts. Enabling MFA makes this much harder to accomplish.
Additionally, this layer of defence should be applied everywhere a username and password or PIN is used – all devices, applications, websites. Anything that’s accessed only with a username, password and/or PIN needs that extra level of protection to keep the resource safer, because the cloud basket is straightforward to compromise if not protected.
If you’ve got all of your data and resources in one place, the danger of losing everything is even higher:
- make sure you have a restorable backup
- bundle your MFA with encryption for the critical data
- create an additional layer – use different credentials with your MFA for sensitive information
- don’t rely only on your one cloud vendor’s native solution, as this is often tied to the credential that gets compromised
Native Defence Gets Compromised More Often
The native defence gets compromised more often than something that’s mainstream. In the cloud, the large mainstream vendors can get hacked, it’s guaranteed, and when that happens and you do not have the best defences, the ones that suffer the losses are the folks that use the systems.
The large vendors have good lawyers and sophisticated policies, and therefore the argument will be that you simply didn’t turn on something that was indeed available.
Therefore, take matters into your own hands and defend yourself and your company in the cloud. Ultimately, if the cloud is breached, your reputation and your clients’ and employees’ information are what you’re responsible for.
If “the safety” isn’t turned on by default, it’s not a secure platform.
Saying that it is the customers’ and users’ responsibility to keep data safe won’t hold water with the regulators and thus the law. So it is vital to gain the knowledge, switch on the defences and use the appropriate tools to limit the damage of cloud jacking. It’s about managing the cyber risk and limiting the possible damage.
Black Friday, What Can We Do To Be Safe?
• Be careful what you click
• Only visit reputable websites that you have browsed before and make sure you use services that you can trust
• Check the certificate on the websites
• MFA every time
• If you’re not expecting an email from a supplier or friend, phone them
• If you do not trust a link but still want to browse the website, check the validity of the link on a mainstream search engine
Be safe online this Black Friday and the festive season ahead: be careful what you click on and double-check the sites you visit.
Desperate people do desperate things, and today it’s easy pickings, as digital integrity is tough to validate.