Cybersecurity and compliance company Proofpoint has released its Cloud Application Attack Snapshot: Q1 2019 research, which examined over one hundred thousand cloud application attacks aimed at global organisations between September 2018 and February 2019.
Overall, targeting attempts increased by 65% during that time period with 40% originating in Nigeria.
China was the second most prevalent country of origin, with 26% of attacks originating from Chinese IP addresses.
Cloud application attacks use intelligence driven brute-force techniques (to crack passwords) and sophisticated phishing methods to lure victims into clicking and revealing their authentication credentials to break into cloud applications including Microsoft Office 365 and Google G Suite.
If successful, attackers often increase their foothold in organisations by spreading laterally through internal phishing messages to infect additional users, access confidential information, and fraudulently route funds.
“As organisations continue to move their mission-critical business functions to the cloud, cybercriminals are taking advantage of legacy protocols that leave individuals vulnerable when using cloud applications,” says Proofpoint cybersecurity strategy executive vice president Ryan Kalember.
“These attacks are laser-focused on specific individuals, rather than infrastructure, and continue to grow in sophistication and scope.
“As a best practice, we recommend that organisations establish a cloud-first approach to security that prioritises protecting employees and educates users to identify and report these advanced techniques and methods,” he says.
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
This industry, and students especially are highly vulnerable due to their remote nature.
Additional Proofpoint cloud application attack research findings
Brute-force cloud app attack findings:
Phishing cloud app attack findings: