Nigeria is top source of cloud application attacks

Nigeria is the top source of cloud application attacks worldwide, according to research from cybersecurity and compliance company Proofpoint.

An examination of over 100,000 cloud application attacks aimed at global organisations between September 2018 and February 2019 also shows that total targeting attempts increased by 65% over this time.

Cloud application attacks involve the use of intelligence-driven brute force password cracking techniques and sophisticated phishing methods aimed at breaking into an enterprise’s cloud applications, such as Microsoft Office 365 or Google’s G Suite.

Attackers can often use a successful breach to access confidential information and hijack funds. Cybercriminals will also commonly use an initial breach as a foothold to spread laterally to additional users via internal phishing messages. Access to cloud applications can allow them to modify email forwarding rules or set email delegations, allowing them to maintain access.

The research found that 40% of cloud application attacks came from Nigerian IP addresses, while 26% of the analysed attacks originated from China.

Chinese attackers were also responsible for the majority of brute force attacks, with Brazil and the US rounding out the top three, but Nigeria was responsible for the wide majority of phishing-based attacks, followed by South Africa and the US via VPNs.

The research also shows that the most popular technique used to compromise Office 365 accounts was IMAP-based password spraying. This technique involves attempting common or recently exposed credentials across many accounts simultaneously.

“As organisations continue to move their mission-critical business functions to the cloud, cybercriminals are taking advantage of legacy protocols that leave individuals vulnerable when using cloud applications,” Proofpoint Executive Vice President of Cybersecurity Strategy Ryan Kalember said.

“These attacks are laser-focused on specific individuals, rather than infrastructure, and continue to grow in sophistication and scope. As a best practice, we recommend that organisations establish a cloud-first approach to security that prioritises protecting employees and educates users to identify and report these advanced techniques and methods.”

Image credit: ©iStockphoto.com/mipan

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.