Nowadays, we discuss the ‘cloud’ with fondness. It’s ubiquitous, a reliable friend always there with your precious family photos when you’ve dropped your phone in the sea, or with that confidential presentation you spent hours on before leaving your laptop on the train. But what happens when the cloud, everywhere and nowhere as it is, is hacked? As we’ve recently seen with the phishing campaign which successfully attacked a SharePoint URL to bypass an email gateway, the security of enterprise storage systems should not be taken for granted – no matter how well-known they are.
Hacks against shared enterprise services such as SharePoint are increasing in number. With the rising popularity of cloud drives for storage, and its increasing versatility, it is no wonder that more organizations are turning to them as an option. The real problem is that it’s hard to understand the security risks and consequences of various cloud solutions. Without asking the right questions and fully understanding the answers, it’s difficult to tell how well cloud providers are protecting your data. Once your data is stored in the cloud, it’s no longer sitting on your computer or device, it’s sat on a server you don’t have physical access to. If the barriers to the cloud solution are broken with a cyber-attack, anyone could access your data. Furthermore, the attack might be against someone else and it is just happenstance that you have your critical information with the same provider and so become collateral damage.
No brand is immune
There is a sense of comfort with household names such as SharePoint, OneDrive and Google and we immediately jump to the conclusion that we can trust, because everyone uses them therefore ‘they must be secure’. However, recent revelations that the Google calendars of thousands of people were compromised to the extent that malicious content could be added in new events demonstrates something we must all remember: big named brands are not immune from attack, but actually, as they are giant repositories of information from millions of companies, they are big targets. Trust must no longer be taken for granted. Trusted domains, such as SharePoint, OneDrive and Google Drive, are all used by cyber-attackers because of the trust the name provides. People who receive documents using them believe that security is handled for them. Unfortunately, this is not the case and businesses still need an in-depth defense strategy around all information being shared and accessed. Cofense researchers have claimed that using enterprise services like SharePoint almost guarantees the phishing URL will be delivered to the intended target. Cyber-attacks continue to grow in sophistication, so we will continue to see a rise of cloud services being used as a route to mount cyber-attacks and evading corporate security controls.
But how do you hack something that you can’t see?
It has been reported that data breaches are three times more likely to occur for businesses which utilize the cloud than those that don’t. The fact that data is stored and transmitted over the internet is a major risk factor. In the case of the recent SharePoint hack, phishing emails were sent from a compromised account asking the recipient to review a document by clicking an embedded URL. The recipient clicks the embedded URL. SharePoint, the initial delivery mechanism, then delivers a secondary malicious URL, allowing the hacker to circumvent just about any email perimeter technology. Just like hacks we have seen so many times before, data was breached through the click of a link. The risk factor of this is huge, when it is considered that 70% of financial companies alone have experienced a cyber security incident in the past year. – Read more