ACG-CYBER SECURITY BULLETIN NR 202: UNDERSTANDING THE RISK OF CLOUD JACKING
Reference Number ACG-CSB 012121202
The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.
Cloud-jacking is an emerging and significant cybersecurity threat due to the reliance of businesses and individuals on cloud computing. Misconfiguration is driving the majority of the incidents. Cloud-jacking, or cloud account hijacking, occurs when an individual’s or an organization’s cloud account is stolen, hijacked, or taken over by an attacker. Cloud account hijacking is a common tactic in identity theft schemes in which the attacker uses the stolen account information to conduct malicious or unauthorized activity. When cloud account hijacking occurs, an attacker typically uses a compromised email account or other credentials to impersonate the account owner.
While cloud computing carries with it a wealth of benefits to organizations, including reduced capital costs and on-demand resources, it also provides cyber criminals with an environment ripe for attack, since huge amounts of data are housed in one place. Because the data is stored and accessed on devices and resources often shared across many different users, the risks presented by cloud account hijacking are plentiful.
Businesses should also take proactive steps when choosing cloud service providers. One such step is to carefully review potential contracts and compare the cloud security and data-integrity systems of cloud service providers. Companies should also take a data-driven approach when evaluating potential cloud service providers, including considering the number of data loss or interference incidents a cloud service has experienced. They should know how often the cloud service provider experiences downtime and how the service provider monitors and manages vulnerabilities. Companies should choose cloud service providers that allow clients to audit the providers’ performance in these areas.
All PNP personnel as well as the public are advised to follow these tips to avoid the risk of cloud jacking:
- Check with your service provider to make sure they have conducted background checks on employees who have physical access to the servers in their data centers.
- Have a strong method of authentication for cloud app users.
- Make sure all of your data is securely backed up in the event that your data is lost in the cloud.
- Restrict the IP addresses allowed to access cloud applications. Some cloud apps provide tools to specify allowable IP ranges, forcing users to access the application only through corporate networks or VPNs.
- Require multi-factor authentication. Several tools exist that require users to enter static passwords as well as dynamic one-time passwords, which can be delivered via SMS, hardware tokens, biometrics, or other schemes.
- Encrypt sensitive data before it goes to the cloud.
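The IP-restriction and multi-factor tips above can also be checked after the fact by reviewing sign-in records. The following is an added example, not part of the original bulletin: it flags successful sign-ins that came from outside the allowed ranges or without multi-factor authentication. The address ranges, event field names and sample events are constructed assumptions, not any cloud provider's log format.

```python
import ipaddress

# Assumed corporate/VPN egress ranges (documentation address blocks, constructed).
ALLOWED_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8:10::/48")]

# Constructed sign-in events; field names are hypothetical, not a real log schema.
SAMPLE_EVENTS = [
    {"user": "alice", "ip": "203.0.113.45", "mfa": True, "result": "success"},
    {"user": "bob", "ip": "198.51.100.7", "mfa": True, "result": "success"},
    {"user": "carol", "ip": "203.0.113.9", "mfa": False, "result": "success"},
    {"user": "dave", "ip": "2001:db8:10::5", "mfa": True, "result": "success"},
    {"user": "erin", "ip": "not-an-ip", "mfa": False, "result": "success"},
    {"user": "frank", "ip": "198.51.100.7", "mfa": False, "result": "failure"},
]


def ip_allowed(raw_ip, ranges=ALLOWED_RANGES):
    """Return True only if raw_ip parses and falls inside an allowed range."""
    try:
        addr = ipaddress.ip_address(raw_ip)
    except ValueError:
        return False  # fail closed: an unparseable source address is never trusted
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it carries.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in ranges)


def audit_sign_ins(events, ranges=ALLOWED_RANGES):
    """Return (user, ip, reasons) for successful sign-ins that break either rule."""
    findings = []
    for ev in events:
        if ev.get("result") != "success":
            continue  # only completed sign-ins give access to the account
        reasons = []
        if not ip_allowed(ev.get("ip", ""), ranges):
            reasons.append("source IP outside allowed ranges")
        if not ev.get("mfa", False):
            reasons.append("no multi-factor authentication")
        if reasons:
            findings.append((ev.get("user"), ev.get("ip"), reasons))
    return findings


if __name__ == "__main__":
    for user, ip, reasons in audit_sign_ins(SAMPLE_EVENTS):
        print(f"{user} from {ip}: {'; '.join(reasons)}")
```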