

01:00 PM
Bernie Brode

Cloud Jacking: The Bold New World of Enterprise Cybersecurity

Increased reliance on cloud computing puts more weight on robust authentication systems to protect data against hijackers.

Those with their finger on the pulse of emerging cybersecurity threats are already aware that there's a new danger in town: cloud jacking. The increased reliance of individuals and businesses on cloud computing has led inevitably to this form of cybercrime, which is driven primarily by misconfiguration and looks set to dominate a multitude of online security concerns in the near future.

Cloud jacking, also known as cloud account hijacking, is when a cybercriminal takes over an individual or business account, typically by some form of social engineering. Once in control of an account, hackers are limited only by their imagination, but you can expect some form of data or identity theft. Perhaps even a ransomware attack. The bottom line is that it probably won't be much fun for the legitimate account owner.


The Rise of Cloud Jacking
Cloud computing has brought with it a brave new world of data storage, collaboration, and a host of other benefits that we're quickly coming to believe we can't live without. However, the more reliant we become on clouds, the more critical it is to keep the environment safe and secure.

To begin, any cloud-based assets should be protected by a robust authentication system — in other words, no weak passwords. Multifactor authentication (MFA) is rapidly becoming a security standard that only the foolish go without when it comes to securing the cloud.

Interestingly, MFA continues to demonstrate surprisingly low adoption rates, partly because it is often seen as a cumbersome way to access your data. As cloud-based security concerns continue to rise in importance when it comes to data protection policy, it's highly likely this trend will begin to reverse in the very near future.

Evolving Cybersecurity in the Cloud Computing Age
The cybersecurity industry is being forced to learn, adapt, and evolve quickly in order to defend itself from current and forthcoming waves of attack, which are just getting started.

Do you pay attention to industry news? You should. There's no better education to be found than reviewing the nature of current security breaches to learn what some other poor cybersecurity slob did wrong, if for no other reason than resolving to not make the same mistake. You can learn a lot from the failure of others.

Current areas of emphasis are continuous and contextual authentication; these allow detection of authorized personnel in real time, which more accurately highlights intruders and hackers. The systematic photographing of data and the use of webcams in online security, which can identify exactly who is sitting in front of any given computer, are also becoming commonplace. Add to that the increased capabilities of the still-developing field of artificial intelligence and machine learning, both for the good guys and the attackers, and it's clear the cloud battleground is just getting started.

One thing is clear: As with any other emerging cybercrime, cloud jackers look to take advantage of existing vulnerabilities in a system, then rely on the laziness and ignorance of system users to access their target cloud. Systematic security policies, robust in-company education, and an insistence on commonsense practices should be the first and most important line of defense while catching up with the latest hacking techniques. 

Tackling Cloud Jacking with Robust MFA
As mentioned, cloud jacking is ultimately founded upon cybercriminals using diverse methods to take advantage of vulnerabilities, mistakes, and oversights in order to breach cloud security. 

It's important to bear in mind that business data clouds, unlike the disparate data banks of yesteryear, often present themselves as a considerably more tempting target for cybercriminals. Here's a mind-boggling stat: More than three-quarters of all online organizations experienced some level of cyberattack in 2019. Why? Simply because clouds, by their very nature, generally keep all of their resources and data in one place, linking together a series of systems, departments, and accounts in a single location. Once cybercriminals are in, they are presented with a veritable feast of options for malicious action. 

Mainstream cloud brands and providers like to defend themselves and avoid responsibility with complex policies and are often able to successfully argue that the fault for a breach lies in the hands of their customers, rather than in their own systems and products. This makes it increasingly important that companies and individuals take the time to learn how to strengthen their security protocols beyond the basics supplied by their providers. 

Mitigating the Damage Caused by Cloud Jacking
Neither cloud computing nor cloud jacking is going to go away. Indeed, expect the migration stampede to cloud-based systems to continue and increase. Obviously, cybercriminals will follow this trend, keeping the threat vector a persistent, relevant presence.

Doing nothing has long since ceased to be a viable option. And relying on the somewhat antiquated system of usernames and passwords likely won't provide the peace of mind and security you need. We have a responsibility to our employees, our customers, and our data protection promises to make full use of additional defense layers and to slow the advance of cybercrime in the age of cloud computing.

Bernard Brode is a product researcher at Microscopic Machines and remains eternally curious about where the intersection of AI, cybersecurity, and nanotechnology will eventually take us.
