Blog Post - Preventing Cloud Jacking [Published May 2024]

Three ways enterprises can prevent cloud jacking

Late on a Friday afternoon, an urgent message hits the inbox of a mid-level executive at a large data firm. The message seems to be authentic; not only is the sender identified as the executive’s boss but it is attached to a recent exchange of legitimate emails between the two.

The request, however, is unique. The executive is asked to send their password so their boss can access a system accessible only through their account. It is a highly irregular request, and the executive hesitates long enough to place a call. This results in a shocking discovery: There has been a breach in the company’s cloud infrastructure.

The email was part of a blast sent to dozens of mid-level executives, using addresses and texts stored in the business’s cloud service. It only takes one of these targeted executives reacting without due caution for the ploy to be worthwhile.

For cybercriminals, cloud platforms can be a ready means for gaining trust and conning people into making decisions damaging to their businesses and careers. Those who master this dark skill are known as cloud jackers.

How cloud jacking works

Most data-focused enterprises unlock vast opportunities by accessing cloud technology. Unfortunately, these opportunities can also attract sophisticated criminals. Some merely want to steal data. Others want more.

Cloud jacking involves illicit entry into a cloud environment for a range of activities. This includes blocking access to legitimate users, sending out phishing emails or malware under the guise of business activity or even inflicting wholesale financial and reputational damage on the host.

Some cloud jacking attacks involve an escalating series of damaging assaults on an enterprise’s cloud profile using compromised credentials. A persistent cloud jacker left with too much time can transform the initial breach into a springboard for damaging cyberattacks across the enterprise and well beyond it.

In whatever form cloud jacking takes, its effects can be devastating to unprepared enterprises and their employees.

What are the objectives?

Like other malevolent hackers, cloud jackers understand cloud architecture is where the action is. Gartner estimates more than 95% of new digital workloads will be deployed on cloud-native platforms by 2025 – up from 30% in 2021.

Being prepared for cloud jackers requires an understanding of what drives them. Unlike other shady operators who infiltrate the cloud to steal data, cloud jackers seek to leverage access itself.

This disruption of enterprise activities can be for ransom, exploitation of intellectual property, launching malware or bot attacks from a third-party location or many other reasons. They can even use their stolen access to deny the same access to legitimate users of the cloud service.

The challenge is further exacerbated by the growth of workload identities (separate from direct human activity) that access cloud infrastructure. With so many apps, virtual machines, AI and Internet of Things-related activities to track and monitor, how does one guard their cloud system against a would-be cloud jacker?

How can it be stopped?

A focused strategy to prevent cloud jacking simultaneously can succeed by employing three complementary processes:

1.    Authenticate, authenticate: A commitment to multi-factor authentication (MFA) can significantly reduce exposure to cloud jacking at the ground level. Having to navigate multiple access checkpoints will often send cloud jackers in search of easier targets.  Simply put, security built around a single password cannot be counted on today. AWS reports: “While passwords protect digital assets, they are simply not enough. Expert cybercriminals try to actively find passwords.” Yes, a policy of maintaining more stringent authentication protocols is less convenient. However, the implementation of user-friendly MFA with an option to add single sign-on (SSO) features can provide stronger protection complete with frictionless, trusted access.

2.    Control access: Too many cloud platforms are compromised when their owners allow free rein to multiple users. At the heart of much cloud insecurity is the failure to deal with permission risk. Failing to update configuration settings or allowing access by large numbers of users invites illicit entry. It is helpful here to consider the widely understood principle of least privilege (PoLP) when implementing cloud security. In sum, a user should only have access to the specific data, resources and applications they need to complete a required task. Enterprises leveraging cloud platforms need to be willing to set hard limits on who gets access to their infrastructure. They also need to keep close watch on those who have credentials, creating practical yet firm parameters on where they can and cannot go.

 

3.    Get help: When dealing with the management of off-premises operations like cloud services, going it alone is often a big mistake. One needs access to tools for better managing security around an enterprise’s cloud assets. One also needs dedicated expertise for help managing those tools effectively, including implementing effective safeguards along the way. Having the support of a managed service provider is essential to this end. Managed Cloud Security can take many forms depending on the type and size of enterprise being served, but it all boils down to 24/7/365 managed protection custom-designed to fit the cloud activities of a specific user. Trusting an internal IT team to manage cloud security protocols is not only limiting from a cybersecurity perspective but can hamper their other mission-critical activities.

Other helpful strategies

Regular software updates and site management reviews are also useful ways to counter cloud jacking. Cloud jackers often count on a level of operational disconnect between an enterprise and its cloud assets; this can be minimized by a regimen of careful scrutiny and steady change.

Zero Trust Network Access (ZTNA) is a solution that provides comprehensive security using a dynamic, identity-based approach to grant access to users, devices, and applications. While virtual private networks (VPNs) can encrypt and protect cloud connections, ZTNA is optimally designed for securing data both in transit and at rest. In short, ZTNA offers a more robust and secure solution to protect sensitive data. 

While backing up data stored in the cloud won’t protect that data from theft, it can reduce the damage done by those cloud jackers who seek to delete or deny access to critical data. 

Being aware of the assigned security responsibilities of a cloud service provider is also important. “Remember that security is a shared responsibility between you and your cloud service provider, so ensure that you understand your provider’s security policies.”

Learn how your enterprise can ensure deeper, safer vigilance of its cloud assets, and other ways you can help your organization exceed its service goals today and tomorrow with Spectrum Enterprise solutions.