Without cloud services, many processes in the modern working world would be inconceivable or at least much more complicated. At the same time, "the cloud" is an extremely rewarding target for hackers and blackmailers. Read here what the attack vectors look like and what countermeasures are possible.
Anyone who stores data in the cloud and uses corresponding services may feel particularly secure: surely the providers will do everything they can for IT security? The catch is that the service providers can only ensure that the basic defensive measures are in place. However, they have little influence if the services are set up or used insecurely. And if a company employee accidentally gives out their access data, it's all for nothing: the cloud service is then as secure as a safe with the door left open.
Attacks on these services are known as "cloud jacking", among other things. There are various scenarios that you should be prepared for:
A frequently encountered attack pattern is the takeover of a cloud account via "(spear) phishing": users are tricked into handing over their access data. This happens, for example, via fake emails and websites that look confusingly similar to their official counterparts.
Attacks of this kind are now also targeted at specific organizations or even individuals.
Well-known attack tactics are also used. In these cases, the hackers try to inject their own code, for example by exploiting improperly protected database queries. Or the attack is initially directed at services and tools that are used to operate or further develop the cloud offering itself.
Last but not least, incorrectly assigned access rights make it all too easy for attackers: if, for example, every employee in the company is able and allowed to do everything in the cloud for the sake of convenience, this leaves hackers plenty of opportunity.
If an attack is successful, it is not always immediately apparent. Data traffic may be intercepted first in order to gather further information. Or the documents and data that can now be retrieved are evaluated and used for the next steps.
In addition, the information provided could be manipulated in order to redirect users to fake sites, inject malware and much more.
So far, ransomware has mainly attacked devices in an internal network, but in principle it can also get hold of data in the cloud. The data is then encrypted and only released again for a ransom.
In the past, ransomware was spread as widely as possible in order to make money from the masses. Today, it is often precisely those companies and organizations that are very likely to pay a high ransom that are attacked. The simple calculation: the less an industry can afford downtime due to blocked computers and networks and the higher the turnover, the more at risk it is.
Cloud services also have the potential to become the starting point for "island hopping": In this approach, attackers first take on a smaller target and then move on to another intermediate step until they reach the actual victim.
Therefore, no organization should feel safe just because its own data is not considered particularly valuable. A prominent example: the momentous attack on the US retail chain "Target" came via a service provider for heating and ventilation systems.
Countermeasures mainly revolve around closing or at least strongly securing key gateways:
Last but not least, every company needs a contingency plan in case something does go wrong. Data in the "internet cloud" should be encrypted accordingly, and cloud data should not exist in only one copy: a backup strategy is also part of this.