A latest report from McAfee says cyber criminals are increasingly targeting collaboration to steal account credentials
The “Cloud Adoption and Risk Report” from McAfee says the increasing use of virtual meeting and collaboration platforms as Microsoft 365, Microsoft Teams, and Zoom, among others has made them vulnerable for cyber-crime.. Several hackers are taking advantage of cloud services and hence companies need to take measures to protect themselves and their employees.
The report is based on cloud-usage data from 30 million McAfee MVISION cloud users from January to April 2020. There was a 50% increase in the overall use of cloud services, says the report. Collaboration tools like Slack and Zoom have witnessed a significant rise in the usage across such industries as manufacturing, education, government, and financial services.
At the same time, there is a spike in cloud access from personal devices, not managed by the IT team. Companies that do not have a BYOD policy and security guidelines, will be hit hard. Since the beginning of 2020, the volume of cyberthreats against cloud services has increased by 630%, with the greatest focus on collaboration tools such as Microsoft 365, found the report. Most of the cyber-attacks are using stolen account credentials for password spraying campaigns. McAfee says these cyber threats are of two types –access from an anomalous location and access from multiple locations. In the case of the former, the access comes from a location not previously detected and atypical to the user’s organization. I case of the latter, the login attempts come from multiple locations within a short period of time.
The transportation and logistics industries saw the biggest increase in cyberthreats, followed by education, government, manufacturing, financial services, and energy and utilities, the report pointed out. US, China, India, Brazil, Russia, Laos, Thailand, Mexico, New Caledonia, and Vietnam have been identified as the top countries from which the attacks were initiated.
In order to tighten their cyber security, McAfee recommends enterprises to invest in a cloud-centric security mindset and also to implement a cloud-based secure web gateway to protect corporate devices against web-based threats. Moreover, it suggests organizations to interoperate cloud-delivered network security and cloud-native data security seamlessly.