Those with their finger on the pulse of emerging cybersecurity threats are already aware that there’s a new danger in town: cloud jacking. The increased reliance of individuals and businesses on cloud computing has led inevitably to this form of cybercrime primarily driven by misconfiguration and that looks to dominate a multitude of online security concerns in the near future.
Cloud jacking, also known as cloud account hijacking, is when a cybercriminal takes over an individual or business account, typically by some form of social engineering. Once in control of an account, hackers are limited only by their imagination, but you can expect some form of data or identity theft. Perhaps even a ransomware attack. The bottom line is that it probably won’t be much fun for the legitimate account owner.
The Rise of Cloud Jacking
Cloud computing has brought with it a brave new world of data storage, collaboration, and a host of other benefits that we’re quickly coming to believe we can’t live without. However, the more reliant we become on clouds, the more critical it is to keep the environment safe and secure.
To begin, any cloud-based assets should be protected by a robust authentication system — in other words, no weak passwords. Multifactor authentication (MFA) is rapidly becoming a security standard that only the foolish go without when it comes to securing the cloud.
Interestingly, MFA continues to demonstrate surprisingly low adoption rates, partly because it is often seen as a cumbersome way to access your data. As cloud-based security concerns continue to rise in importance when it comes to data protection policy, it’s highly likely this trend will begin to reverse in the very near future.
Evolving Cybersecurity in the Cloud Computing Age
The cybersecurity industry is being forced to learn, adapt, and evolve quickly in order to defend itself from current and forthcoming waves of attack, which are just getting started.
Do you pay attention to industry news? You should. There’s no better education to be found than reviewing the nature of current security breaches to learn what some other poor cybersecurity slob did wrong, if for no other reason than resolving to not make the same mistake. You can learn a lot from the failure of others.
Current areas of emphasis are continuous and contextual authentication; these allow detection of authorized personnel in real time, which more accurately highlights intruders and hackers. The systematic photographing of data and the use of webcams in online security, which can identify exactly who is sitting in front of any given computer, are also becoming commonplace. Add to that the increased capabilities of the still-developing field of artificial intelligence and machine learning, both for the good guys and the attackers, and it’s clear the cloud battleground is just getting started.
One thing is clear: As with any other emerging cybercrime, cloud jackers look to take advantage of existing vulnerabilities in a system, then rely on the laziness and ignorance of system users to access their target cloud. Systematic security policies, robust in-company education, and an insistence on commonsense practices should be the first and most important line of defense while catching up with the latest hacking techniques.
Tackling Cloud Jacking with Robust MFA
As mentioned, cloud jacking is ultimately founded upon cybercriminals using diverse methods to take advantage of vulnerabilities, mistakes, and oversights in order to breach cloud security.
It’s important to bear in mind that business data clouds, unlike the disparate data banks of yesteryear, often present themselves as a considerably more tempting target for cybercriminals. Here’s a mind-boggling stat: More than three-quarters of all online organizations experienced some level of cyberattack in 2019. Why? Simply because clouds, by their very nature, generally keep all of their resources and data in one place, linking together a series of systems, departments, and accounts in a single location. Once cybercriminals are in, they are presented with a veritable feast of options for malicious action.
Mainstream cloud brands and providers like to defend themselves and avoid responsibility with complex policies and are often able to successfully argue that the fault for a breach lies in the hands of their customers, rather than in their own systems and products. This makes it increasingly important that companies and individuals take the time to learn how to strengthen their security protocols beyond the basics supplied by their providers.
Mitigating the Damage Caused by Cloud Jacking
Neither cloud computing nor cloud jacking are going to go away. Indeed, expect the migration stampede to cloud-based systems to continue and increase. Obviously, cybercriminals will follow this trend, keeping the threat vector a persistent, relevant presence.
Doing nothing has long since ceased to be a viable option. And relying on the somewhat antiquated system of usernames and passwords likely won’t provide the peace of mind and security you need. We have a responsibility to our employees, our customers, and our data protection promises to make full use of additional defense layers and to slow the advance of cybercrime in the age of cloud computing.
Bernard Brode is a product researcher at Microscopic Machines and remains eternally curious about where the intersection of AI, cybersecurity, and nanotechnology will eventually take us. View Full Bio