Prevention and combat recommendations
The last decade was marked by the crescent use of the cloud, which consists in having our data stored remotely via cloud services instead of being stored locally on our systems or devices. However, despite its multiple benefits, this practice also brings new risks, among of which is identity theft.
Identity theft in the cloud is a process where an individual or organization’s cloud account is stolen or hijacked by an attacker. Cloud account hijacking is a common practice in identity theft scams where the attacker uses information from the stolen account to perform malicious or unauthorized activities. When there’s a cloud account theft, the attacker often uses a compromised e-mail account or other credentials to take the place of the account holder.
| Cloud Computing brought many benefits for organizations, including cost reductions in terms of resources and investments. However, it also provides cybercriminals with an environment that is conducive to attacks, because there are large volumes of data stored in one place. As data are stored and accessed on devices and resources are usually shared between many different users, the risks of identity theft in cloud are recurrent. |
Concern about the misuse of personal data on the Internet promoted by the pandemic and telework, where there was an increase of computer scams.
| Identity theft in the cloud is, therefore, a concern about which it’s important to highlight some prevention and combat recommendations. |
Cloud account theft
Identity theft is a threat to the cloud that steals user account credentials. By accessing personal data, the criminal can impersonate an authentic user and cause not only financial but also reputation damage to the victim. The multiple possibilities of identity theft in the cloud require special attention. Identity theft can occur in a wide variety of moments by accessing the victim’s phone, computer, social media, e-mail, online banking,…
There are several means that attackers can use to hijack accounts, including:
1. Phishing
| Forwarding users to an unsecured website to steal their information or hijack their session ID |
2. Malware
Leading the user to install malware that will facilitate the capture or access to the cloud account
3. Weak Passwords
| By using brute force, the attackers can find or guess your password, if your password isn’t strong. In this scenario, the use of multi-factor authentication is essential |
4. Attack to Cloud Service
Additionally, you must check the maturity and reliability level of your Cloud provider, because there’s a multitude of direct attacks to Cloud services that can allow attackers to steal the identity of users.
5. Man-in-the-middle Attacks
The typical attacks where the connection is somehow intercepted and used by attackers to get access or hijack the account. A classic example is when we use unsecured wireless networks.
How can you protect yourself against identity theft in the cloud?
- Firstly, you should create secure passwords and change them frequently. This will help you stay protected against attacks. Also consider the use of multi-factor authentication (MFA), which will add an extra security layer, making it hard for attackers to access your account remotely.
- Secondly, many successful account intrusion attempts happen due to phishing. Be careful when you click on Internet and e-mail links and when you receive password reset requests, and this will help protecting you against attacks. If you have any employees using cloud services, make sure that you inform them about the vulnerabilities of cloud computing so that they know how to identify account intrusion attempts.
- Overall, seeking advice from an expert on threat and vulnerability detection is also an effective way to prevent account hijacking. They can look for potential vulnerabilities in your network and introduce controls that will you’re your data better protected against these types of attack.
