EDITOR’S QUESTION
WHAT CAN
ORGANISATIONS
DO TO PREVENT
CLOUD APPLICATION
ATTACKS?
//////////////////////////////////////////////////////////////////////////////////////////////////////////
P
roofpoint, a leading cybersecurity and compliance company,
has released its Cloud Application Attack Snapshot: Q1 2019
research, which examined over 100, 000 cloud application
attacks aimed at global organisations between September 2018 and
February 2019.
Overall, targeting attempts increased by 65% during that time
period with 40% originating in Nigeria.
Proofpoint found that the education sector was the most targeted
of both brute-force and sophisticated phishing attempts. This
industry, and students especially, are highly vulnerable due to their
remote nature.
Additional Proofpoint cloud application attack
research findings
Brute-Force Cloud App Attack Findings:
Cloud application attacks use intelligence driven brute-force
techniques (to crack passwords) and sophisticated phishing
methods to lure victims into clicking and revealing their
authentication credentials to break into cloud applications
including Microsoft Office 365 and Google G Suite. If successful,
attackers often increase their foothold in organisations by
spreading laterally through internal phishing messages to infect
additional users, access confidential information, and fraudulently
route funds.
“As organisations continue to move their mission-critical
business functions to the cloud, cybercriminals are taking
advantage of legacy protocols that leave individuals vulnerable
when using cloud applications,” said Ryan Kalember, Executive
Vice President of Cybersecurity Strategy for Proofpoint. “These
attacks are laser-focused on specific individuals, rather than
infrastructure, and continue to grow in sophistication and scope.
As a best practice, we recommend that organisations establish
a cloud-first approach to security that prioritises protecting
employees and educates users to identify and report these
advanced techniques and methods.”
24
INTELLIGENTCIO
• IMAP-based password spraying attacks are the most popular
and extensive technique used to compromise Microsoft Office
365 accounts. These attacks occur when cybercriminals attempt
common or recently leaked credentials across many different
accounts at the same time
• Most brute-force attacks originated in China (53%), followed by
Brazil (39%) and the US (31%)
• Over 25% of examined Office 365 tenants experienced
unauthorised logins and over 60% were actively targeted. Overall,
the success ratio in Q1 2019 was 44%
Phishing Cloud App attack findings:
• Most phishing cloud app attacks originate from Nigeria
(63%), followed by South Africa (21%) and the United States
via VPNs (11%).
• Attackers will often modify email forwarding rules or set email
delegations to maintain access. They will also use conspicuous
VPN services to bypass conditional access and geolocation-
based authentication
www.intelligentcio.com