Cloud-jacking is an emerging and significant cybersecurity threat due to the reliance of businesses and individuals on cloud computing. Misconfiguration is driving the majority of the incidents. Cloud-jacking, or cloud account hijacking, occurs when an individual or an organization’s cloud account is stolen, hijacked, or taken over by an attacker. It is a common attack tactic in identity theft. Generally, hackers who utilize social engineering attacks use the stolen account in their attack chain. Any information is cobbled together with a live account to conduct further malicious or unauthorized activity.
As we become more reliant on a providers’ cloud and services, the access control of these services becomes vital in governing these resources. Access systems can provide substantial access control; additionally, multifactor authentication (MFA) capabilities are commonplace.
There is no excuse not to use strong authentication, both personally and within a corporate setting, whenever available. This defense is effective at helping to prevent attackers from taking over accounts. Having said that, MFA, in some instances, continues to suffer from low adoption rates, and with its benefit for security, it may be challenging to understand why.
MFA and why many still don’t use it
The main reason for the low adoption of MFA remains related to little understanding of its protection and the requirement of this defense for all applications and devices we use. It comes down to awareness and education. For increased security, the basic fact is that if a username and password/PIN is being used, it should be followed with an additional factor of authentication. Hence, multifactor authentication.
It is a combination of multiple components. Something you have, like a device or token, something you know, like a PIN and a password, and something you are, like a fingerprint or facial scan. This equates to a combination of something you “have + know + are.” All three of these items together make for robust authentication.
If this authentication were continuous, it would be even better. But what does this mean? In simple terms, this means that once you are through the gate —approved by the check that was done at the entrance to let you in — reviews continue to occur to keep ensuring that you remain the same person that was identified and was authenticated at the gate, on first approval (or authentication).
The industry is evolving to adapt to continuous authentication to defend against the next level of attack, which will be session hijacking. Companies are working on continuous authentication that is contextual so that they can detect if the authorized person is continuously in front of the console, app, device, and platform being used to detect intruders. Moreover, to detect behavioral elements, things like cameras taking photos of data once authenticated and other people peeking over your shoulder, for example.
It is clear that the lack of controls is often due to a lack of education, and it is a big part of the security problem. MFA should be acknowledged throughout the entirety of an organization. It is simple to use and so beneficial as a defense mechanism. Therefore, MFA should be mandated for the whole company.
MFA to help limit the possibility of cloud-jacking
Considering the above, the cloud-jacking is founded on an intruder using methods to trick users, admins, and c-suite levels into gaining access to the cloud resources through the hijacking of accounts. Initially, it involves getting control of an account, and it’s more challenging to accomplish if MFA is utilized.
Security involves the appropriate layering of defenses, and MFA is just that, another layer. If MFA is enabled, then the security is improved. Furthermore, MFA is advantageous for circumstances whenever a username and password or PIN is required. This would include all the devices, the applications, the websites, and anything that is accessed by username, password, and or PIN exclusively. Adding that extra level (MFA) will keep the resource safer.
Securing ‘eggs (data) in one basket (cloud)’
Keeping all data and resources in one place would require increased protection as the risk is higher if an intruder breaks in, as everything within that location would be at risk. Additional to having a restorable backup (which is essential), bundle MFA with encryption for the more sensitive data and resources.
To improve protection, use a different credential with MFA for data and resources that may be more sensitive and require further protection. Again, adding a security layer where it’s most needed.
Regarding native solutions, it is advised that the cloud vendors’ native solutions should be avoided if possible, as it is often the case that it is tied to the credential that gets compromised.
Generally, the native defense gets compromised more often than an alternative, and those using their systems suffer the consequences and losses. The large mainstream cloud vendors usually have complicated policies and can afford better lawyers. When something goes amiss, the argument will be that the customer failed to “turn something on” that was available for their security. The fault is redirected. So, it is advised to take matters into your own hands, whenever possible, and defend oneself or your organization within the cloud. Ultimately, if the cloud is breached, your organization’s reputation and your clients/employees are at risk, and you remain accountable for the information or resources that you process within the cloud.
It is safe to say that if the security is not turned on by default, it’s not a secure platform. In saying that, it remains the customer and user’s responsibility to ensure the data is safe within the cloud it uses. Therefore, it’s crucial to get the knowledge required to implement the necessary and fitting defenses. It is fundamental to use tools that are appropriate for the required protection.
Managing the risk and limiting the damage of cloud-jacking
Regarding cloud-jacking, a strategy that helps manage the risk and limit the damage if it were to happen is the better approach. We will continue to use the cloud. We will continue to store and process sensitive information within it. It is the norm and is necessary. Additionally, it will continue to be a threat vector. So, the risk should be anticipated and appropriately managed, not ignored.
It’s not always easy to defend against, but not doing anything is no longer an option. It’s evident that usernames and passwords are a weaker form of protection and no longer good enough. Fundamentally, alternatives should be used, and defense layers added. By turning on MFA, taking one simple extra step, goes a long way to assist with securing your data and resources in the public cloud and makes it more challenging for an attacker to grasp.
Featured image: Shutterstock
