Intelligent CXO Issue 42 | Page 20

LATEST INTELLIGENCE

CLOUD ACCOUNT COMPROMISE AND TAKEOVER

Cloud account compromise is the act of maliciously gaining control over a legitimate user’s cloud-based email or collaboration service account, giving the attacker wide-ranging access to data, contacts, calendar entries, email and other system tools. Beyond the compromised user’s data, the attacker can use the account to impersonate the user in social engineering attacks such as business email compromise (BEC) and more, both inside and outside of the organisation.

Threat actors can access sensitive data, persuade users or outside business partners to wire money, or damage an organisation’s reputation and finances. They can also install backdoors to maintain access for future attacks.

TOOLS OF THE TRADE

• Phishing attacks, including OAuth token phishing.
• Brute-force attacks that automate credential guessing, such as Aircrack-ng and Jack the Ripper.
• Credential recycling or stuffing, which uses already stolen username and password pairs.
• Malware, including keyloggers and credential stealers such as PunkeyPOS and Spyrix.

TYPES

• Credential theft – attackers exploit weak passwords, poor security systems and reused passwords from other sites to hack into systems.
• Malicious OAuth apps – use OAuth token phishing and app impersonation to manipulate account owners into delegating permissions for accessing system resources.
• Insider threats – credential loss created by negligence or malicious intent.
• Malware – malicious software installed in systems can go unnoticed for long periods of time. Such malware can steal credentials and communicate with the attacker.