Well, this week I found, Widespread, Brute-Force, Cloud-to-Cloud Attacks Hit Office 365. Skyhigh Networks discovered a brute force cloud attack against 48 different organizations. The article stated, based on the duration and measured pace of the attacks suggested a determined effort and the desire to avoid detection. What is surprising is that the attackers were using previously compromised usernames and passwords.
The article had an interesting fact, “Cloud services are on path to become the standard for enterprise IT solutions, and Office 365, which offers cloud access to Microsoft Word, Excel and other productivity apps, has taken a dominant role with 58.4% of all sensitive corporate data in the cloud is stored in Office 365.”
I have used the 365 service at work and it has a lot of good functionality. However, there are a number of cloud solutions a small to medium size business can run on its own. Cloud attacks will probably become more prevalent in the future. The reality is the ultimate responsibility to control access to sensitive data lies with the customer.
Is this attack earth shattering? Not really considering that the attackers were using previously compromised user/password combinations. What was odd about the article is that it does not separate out cloud storage use and 365 cloud use that includes Microsoft Word, Excel.
I think this article caught my eye because -- and it is not a popular position -- I am not a CLOUD believer. Yep, I am a skeptic. I read articles like, Is the cloud really just someone else's computer?, that throw all the right buzzwords around to explain why the CLOUD is not just an a rehash of thin clients or "dumb terminals" and mainframes. In reality, it mostly is ... with some more bells and whistles. It is a technology that declined in popularity as the cost of PCs declined and storage media for those PCs became cheaper and larger in size. I do admit the CLOUD term is a winner for marketing. However, when you really get down to it, it is your data on another person's computer (mainframe, server farm, etc ...) and YOU are responsible for controlling the access to that data. Just ask Verizon ... who is getting the bad PR for their subcontractor's mistake.
P.S. If the highend services like Word Online were really successful, shouldn't we all be using Chromebooks and OneDrive?
Seals, T. (2017, July 25). Widespread, Brute-Force, Cloud-to-Cloud Attacks Hit Office 365 Users. Info Security. Retrieved from: https://www.infosecurity-magazine.com/news/widespread-bruteforce-office-365/
Wallen, J. (2016, November 29). Is the cloud really just someone else's computer? TechRepublic Retrieved from: http://www.techrepublic.com/article/is-the-cloud-really-just-someone-elses-computer/
No comments:
Post a Comment