Cloud Account Compromise and Takeover

As business assets have moved to the cloud, cyber attackers have followed close behind. Starting with hosted email and webmail, cloud productivity apps like Office 365 and Google Workspace, and cloud development environments like AWS and Azure, cybercriminals have prized account credentials and made them the target of countless phishing campaigns. And with single sign-on giving lateral access to many different systems within an organization, a single compromised account can cause widespread damage.

Cloud account compromise is the act of maliciously gaining control over a legitimate user’s cloud-based email or collaboration service account, giving the attacker wide-ranging access to data, contacts, calendar entries, email and other system tools. Beyond the compromised user’s data, the attacker can use the account to impersonate the user in social engineering attacks such as business email compromise (BEC) and more, both inside and outside of the organization. Threat actors can access sensitive data, persuade users or outside business partners to wire money, or damage an organization’s reputation and finances. They can also install backdoors to maintain access for future attacks.

Download the whitepaper to learn more about the anatomy of a cloud account takeover and how to protect your organization.

16th November 2022