Story image

Cloud application attacks in Q1 up by 65% - Proofpoint

18 Mar 2019

Cybersecurity and compliance company Proofpoint has released its Cloud Application Attack Snapshot: Q1 2019 research, which examined over one hundred thousand cloud application attacks aimed at global organisations between September 2018 and February 2019. 

Overall, targeting attempts increased by 65% during that time period with 40% originating in Nigeria. 

China was the second most prevalent country of origin, with 26% of attacks originating from Chinese IP addresses.  

Cloud application attacks use intelligence driven brute-force techniques (to crack passwords) and sophisticated phishing methods to lure victims into clicking and revealing their authentication credentials to break into cloud applications including Microsoft Office 365 and Google G Suite. 

If successful, attackers often increase their foothold in organisations by spreading laterally through internal phishing messages to infect additional users, access confidential information, and fraudulently route funds.  

“As organisations continue to move their mission-critical business functions to the cloud, cybercriminals are taking advantage of legacy protocols that leave individuals vulnerable when using cloud applications,” says Proofpoint cybersecurity strategy executive vice president Ryan Kalember. 

“These attacks are laser-focused on specific individuals, rather than infrastructure, and continue to grow in sophistication and scope.

“As a best practice, we recommend that organisations establish a cloud-first approach to security that prioritises protecting employees and educates users to identify and report these advanced techniques and methods,” he says.

Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.

This industry, and students especially are highly vulnerable due to their remote nature. 

Additional Proofpoint cloud application attack research findings  

Brute-force cloud app attack findings: 

  • IMAP-based password spraying attacks are the most popular and extensive technique used to compromise Microsoft Office 365 accounts. These attacks occur when cybercriminals attempt common or recently leaked credentials across many different accounts at the same time.  
  • Most brute-force attacks originated in China (53%), followed by Brazil (39%), and the U.S. (31%). 
  • Over 25% of examined Office 365 tenants experienced unauthorised logins and over 60% were actively targeted. Overall, the success ratio in Q1 2019 was 44%.  

Phishing cloud app attack findings: 

  • Most phishing cloud app attacks originate from Nigeria (63%), followed by South Africa (21%), and the United States via VPNs (11%). 
  • Attackers will often modify email forwarding rules or set email delegations to maintain access. They will also use conspicuous VPN services to bypass conditional access and geolocation-based authentication.  
Huawei FusionServer Pro built for 'intelligent transformation'
The next generation X86 servers draw on an intelligent acceleration engine, an intelligent management ending, and intelligent data center solutions for ‘diverse’ scenarios as transformation shifts from digital to intelligent.
ISI Communications moves network core to Chicago's New Continuum Data Centers
“We are excited to welcome ISI and its customers to our facility,” comments New Continuum Chairman & CEO, Eli D. Scher.  “ISI has a unique network reach, that combined with our capabilities, can deliver true value in an edge compute model.”
New Zealand Super Fund invests $115m into North America data centres
The New Zealand Super Fund is set to invest up to US$115 million in North American data centres, as it seeks to capitalise on demand for digital infrastructure and data.
Teradata expands as-a-service offerings for Advantage platform
Data intelligence company Teradata has announced three new cloud and on-premise solutions that are now integrated into its Teradata Vantage platform.
DigiPlex opens up Nordic data centers to international customers
"The Nordics are Europe's premier market: a firm deploying 100 megawatts over 20 years could save approximately $2 billion by placing their data center in Sweden or Norway versus the U.K."
PacketFabric adds point of presence to phoenixNAP's Phoenix data center
PacketFabric now has a presence in phoenixNAP’s flagship data center in Phoenix, Arizona,. PhoenixNAP successfully deployed PacketFabric’s Connectivity-as-a-Service (CaaS) platform.
Hawaiki expands US point-of-presence to Seattle
The Hawaiki submarine cable that connects Australia, New Zealand, the Pacific Islands and Hawaii to the United States now has a new point of presence in Seattle.
HPE & Nutanix join forces to deliver hybrid cloud as a service
The two tech giants have partnered to offer a fully integrated solution that capitalises on the hybrid IT market.