How to Avoid Cloud Account Hijacking Attacks

What is cloud account hijacking?

Cloud account hijacking is just one of many threats that CISOs and IT needs to address when accounts are compromised by malicious actors.

The typical cloud hijacking goes something like this:

• A company doesn’t change its default cloud service password
• Some cloud access credentials are exposed somewhere
• Someone in the company falls victim to a phishing attack

While most tech workers are well aware of the risks and get training about phishing and other attacks, it takes just one stressed worker with enough on their plate to reply, and the damage is done.

Once a criminal has sufficient privileges and access to any cloud service, they can lock legitimate users out, or steal the data stored in that service. Imagine an entire company being locked out of its productivity applications, or the finance team blocked from accessing the company’s accounts.

While some cloud service providers will have security to limit these types of breaches and hijacks, it’s up to the business to secure its cloud and ensure access is protected.

What are the risks associated with cloud account hijacking?

Losing access to your company data is just the start of many business nightmare scenarios. The data could be hijacked and held for ransom, as in many profile cases, most recently, the US Colonial Pipeline attack where the firm paid $5 million in an attempt to restore services and recover a reported 100GB of cloud data.

In most instances, firms are locked out of their applications and data, and even if they pay a ransom, services are never returned. This means the business needs to recover data from existing and accessible backups, and restore their services afresh.

Even in less extreme examples, a company can lose hours or days of work if their cloud is hijacked, and have to catch up in a hectic series of updates once access is restored. Not only do firms lose money, but they can also fall behind on orders or production, and if the issue becomes public, companies can suffer reputational damage and lose orders as a result.

Tips to prevent account hijacking attacks in the cloud

The best defense for any cloud is a multi-layered approach to security. This starts with the human factor, with top-down awareness through the business of the risks, training about phishing and scams.

1. Close collaboration between CIOs and CISOs is key

When researching various cloud providers or replacing ones that don’t provide adequate security protection, it’s vital that CIOs collaborate closely with CISOs. That goes for services, compute and storage, ensuring they meet compliance and governance standards, and the other complexities of a modern cloud.

2. Restrict access to cloud services to authorized users

The IT team needs to ensure that each service is secure, that only authorized users have access to services, and every credential and password is secured. Most cloud services require additional layers of protection like cloud access security brokers (CASBs), next-gen firewalls and other tools.

3. Embrace cloud tokenization

When it comes to protecting regulated data like credit card details, personally identifiable information (PII) and government or health codes, many firms are adopting cloud tokenization to support or replace encryption tools. Another step forward is in zero trust solutions that add verification layers to ensure only legitimate access is granted to valid users. 

4. A cloud disaster recovery plan is a must

Firms also need to have adequate disaster recovery procedures in place that are regularly tested to work as the cloud footprint grows, big data creates pressure on the business to adopt more automation and fresh risks are created.

There’s no one size fits all solution to cloud security. Instead, each CISO, IT security or cloud leader and team will have to build their own approach that meets the business needs, while providing the most flexible and rigorous layers of defense. And every time a new cloud service is adopted, they’ll need to ensure it’s integrated into the security scheme and doesn’t create any new weak points.

Cloud security is a never-ending battle, with new threats appearing, employees finding creative ways to work that may create a risk, the creation of shadow IT being one of the most critical, and criminals exploiting new avenues of attack. Increasingly automated protection services will help IT create these defenses, but CISOs will need to fight for the budget to adopt them, and ensure that manual oversight is alert to each and every issue, ready to react if needed.

Further reading:

• 5 Major Cloud Security Breaches and How to Boost Your Defenses Against Them
• Data Sovereignty and Cloud: How Do You Ensure Compliance?
• How to Lock Down the Cloud Control Plane with CSPM
• 9 Key Questions to Ask Every CASB Vendor