McAfee: Attacks on Corporate Cloud Increase More Than 6-fold as Companies Work From Home

• Advises cloud-native security, while demonstrating importance of ‘security by design’
• Attackers are also distributing genuine Covid apps with embedded malware

Online attacks by external actors have increased by 630% during the Covid-19 lockdowns, driven in part by a six-fold rise in the use of cloud collaboration tools by users and a 50% rise in enterprise use of cloud services.

These are among the conclusions presented in McAfee's latest research study titled, “Cloud Adoption & Risk Report – Work-from-Home Edition”, which also advises enterprises to adopt a cloud-first security mind-set.

“Mitigating this risk requires cloud-native security solutions that can detect and prevent external attacks and data loss from the cloud and from the use of unmanaged devices,” said Rajiv Gupta, senior vice president, Cloud Security, McAfee. “Cloud-native security has to be deployed and managed remotely and can't add any friction to employees.”

Most of these external attacks targeted collaboration services like Microsoft 365, and were large-scale attempts to access cloud accounts with stolen credentials. Other tools mentioned in the report include Cisco WebEx, Zoom, Microsoft Teams and Slack.

The report was based on anonymized and aggregated data from more than 30 million McAfee MVISION Cloud users worldwide between January and April 2020.

Security by design

Raj Samani, McAfee Chief Scientist and McAfee Fellow, admitted that the task facing security teams might seem overwhelming. "It is difficult for businesses to secure each and every vector of attack that their users may occur, given how interconnected all devices are today," he said, acknowledging that it’s not a new issue. "We know that in 2019, software vulnerabilities in VPN servers were targeted by malicious players in a bid to secure company usernames and passwords, and beyond these, phishing attempts were made as well."

One possible silver lining is that more and more businesses are now practising "security by design", where every tool or element to be integrated into business must be complemented with cybersecurity measures and policies. "For companies that have adhered to the concept of security by design, it’s a matter of ensuring that cybersecurity measures and employee responsibility is maintained over the period."

On the other hand, companies are very probably facing an unprecedented volume of employees attempting to work from home. "The stepping stones for businesses to protect themselves are much more complex: with infinitely more variables," said Samani. "From workplace size to IT setup to SaaS deployments, each variable means one more consideration for businesses to secure."

"But by committing to cybersecurity, companies can begin to take the series of steps that lead to increased resilience, and can rely on things like learning from other companies with similar deployments and rollouts."

Employees must also play their part. "This means being familiar with company policy and best practices, along with practicing cyber hygiene," he said. These include practises like accessing company archives and servers only through authorised devices, being wary of phishing attacks, and ensuring that their home routers are secure before connecting to them for work purposes.

Samani also advised for users to take care when using video conferencing tools, and he isn't just talking about software vulnerabilities. "There’s two sides to every vulnerability, and people haven’t focused enough on the human factor," he said. "Forbes reported that many users had actually posted their personalised meeting links on social media sites such as Twitter, giving truants easy access to their meeting rooms."

Using accurate information and tools to spread malware

Samani also advised users to be wary of malicious scams that have proliferated alongside the rise in interest in Covid-related information. The largest vector are malicious domains, i.e. domains that claim to be related to the pandemic but are in fact engaging in fraudulent activity. 

"Criminals are disseminating real-time, accurate information about global infection rates and using these as a vector to spread malware," he said.

Security researchers have found that a digital Coronavirus kit - with a fully working online map of infected areas and other data from the World Health Organisation - was sold on cybercrime forums, and could be bundled with a payload of the customer’s choice, including malware.

Meanwhile, there is a risk that genuine apps (such as Covid track and tracing apps) could be co-opted for more nefarious motives. "In the past, there have also been cases where apps, such as Daegu Bus, a Korean bus information app, was compromised after malicious players compromised the account of the original developer, and uploaded a modified version of the app which had phishing capabilities and injected Trojans into the devices it was on."

"It’s clear that first, developers of such apps must be vigilant for any signs of attack," said Samani. "Ensure that they are ready to face these malicious players by employing cybersecurity tools, and training their employees on cybersecurity best practices."

Samani's advice for end-users is to exercise due diligence, by only downloading apps from verified sources, and also checking the permissions the apps require. "Malicious apps often request for over 30 permissions to compromise phone functions such as cameras, file libraries, and location tracking," he explained.

Related Links:

MPOWER Cybersecurity Summit 2019: McAfee reinforces their fight to the cloud

The 2020 trends shaping the cloud in Southeast Asia

Security within organisations needs to be collaborative process, says Sophos