The focus of this week's post will be Account Hijacking in the
cloud environment. So what is Account Hijacking? An article by Digital Guardian
describes it as "a process in which an individual or organization's cloud
account is stolen or hijacked by an attacker". The stolen account information
is later used to conduct malicious or unauthorized activity. The cloud
environment is especially vulnerable to attacks of this sort because
of the huge amount of data stored in one place and the multiple accounts
sharing resources across the network.
An example of an Account Hijacking attack happened on April 20th
2010, when cross-site scripting (XSS) was used to steal session IDs from Amazon
Wireless customers. Session IDs are used to grant users access to their online
accounts after they enter their password, so a stolen session ID lets an attacker
act as that user without knowing the password. It took the security team 12 hours to
fix the bug after it was first brought to their attention.
Account hijacking attacks can damage an organization's
reputation and integrity when confidential data is leaked or lost, causing
significant cost to businesses or their customers. Experts suggest the
following steps to protect data in the cloud: strong authentication for
cloud application users, backing up data to cover the event of data loss,
restricting the IP addresses allowed to access cloud applications, multi-factor
authentication, and encrypting data before it is sent to the cloud.
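As an added example (not code from the post or from either cited article), here are two defender-side checks for the scenario above, written in Python: an audit that flags a session cookie an injected script could read, and a source-IP allowlist check. The cookie value and network ranges are constructed sample data.

```python
"""Hypothetical checks for two of the mitigations listed above: keeping the
session ID out of reach of page scripts, and restricting source IPs."""
import ipaddress

# Constructed sample: a session cookie as a careless app might issue it,
# and the hardened form. The session ID value is made up.
WEAK_COOKIE = "SESSIONID=abc123; Path=/"
HARDENED_COOKIE = "SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Strict"


def audit_session_cookie(set_cookie):
    """Return the protections missing from a Set-Cookie header value."""
    parts = [p.strip() for p in set_cookie.split(";") if p.strip()]
    attrs = {}
    for part in parts[1:]:                      # parts[0] is name=value
        name, _, value = part.partition("=")
        attrs[name.strip().lower()] = value.strip().lower()
    missing = []
    if "secure" not in attrs:
        missing.append("Secure")      # would be sent over plain HTTP
    if "httponly" not in attrs:
        missing.append("HttpOnly")    # readable by script injected via XSS
    if attrs.get("samesite") not in ("lax", "strict"):
        missing.append("SameSite")    # sent along with cross-site requests
    return missing


def harden_cookie(set_cookie):
    """Re-issue a Set-Cookie value with the missing flags appended."""
    result = set_cookie.rstrip("; ")
    for flag in audit_session_cookie(set_cookie):
        result += "; SameSite=Strict" if flag == "SameSite" else f"; {flag}"
    return result


# Constructed allowlist using documentation address ranges.
ALLOWED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("203.0.113.0/24", "198.51.100.10/32")]


def source_ip_allowed(client_ip, allowed=ALLOWED_NETWORKS):
    """True only if the client address parses and sits inside an allowed net."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False                  # malformed input never passes
    return any(addr in net for net in allowed)
```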
Resources:
Lord, N. (2015, September 28). What is Cloud Account Hijacking? Retrieved from https://digitalguardian.com/blog/what-cloud-account-hijacking
Goodin, D. (2010, April 20). Amazon purges account hijacking threat from site. Retrieved from http://www.theregister.co.uk/2010/04/20/amazon_website_treat/