Back
Cibersecurity Newsletter
APRIL 2021

Identity theft in the cloud

Prevention and combat recommendations

The last decade was marked by the crescent use of the cloud, which consists in having our data stored remotely via cloud services instead of being stored locally on our systems or devices. However, despite its multiple benefits, this practice also brings new risks, among of which is identity theft.

Roubo de Identidade na Cloud

Identity theft in the cloud is a process where an individual or organization’s cloud account is stolen or hijacked by an attacker. Cloud account hijacking is a common practice in identity theft scams where the attacker uses information from the stolen account to perform malicious or unauthorized activities. When there’s a cloud account theft, the attacker often uses a compromised e-mail account or other credentials to take the place of the account holder.

Cloud Computing brought many benefits for organizations, including cost reductions in terms of resources and investments. However, it also provides cybercriminals with an environment that is conducive to attacks, because there are large volumes of data stored in one place. As data are stored and accessed on devices and resources are usually shared between many different users, the risks of identity theft in cloud are recurrent.

Cloud-01

Cloud-02

Concern about the misuse of personal data on the Internet promoted by the pandemic and telework, where there was an increase of computer scams.

Source: Cybersecurity in Portugal Report from the Portuguese National Cybersecurity Centre (CNCS).

Identity theft in the cloud is, therefore, a concern about which it’s important to highlight some prevention and combat recommendations.

Cloud account theft

Identity theft is a threat to the cloud that steals user account credentials. By accessing personal data, the criminal can impersonate an authentic user and cause not only financial but also reputational damage to the victim. The multiple possibilities of identity theft in the cloud require special attention. Identity theft can occur in a wide variety of moments by accessing the victim’s phone, computer, social media, e-mail, online banking,…

There are several means that attackers can use to hijack accounts, including:

1. Phishing

Forwarding users to an unsecure website to steal their information or hijack their session ID

Image4

2. Malware

Leading the user to install malware that will facilitate the capture or access to the cloud account.

Image2

3. Weak Passwords

By using brute force, the attackers can find or guess your password, if your password isn’t strong. In this scenario, the use of multi-factor authentication is essential.

Image44

4. Attack to Cloud Service

You must check the maturity and reliability level of your Cloud provider, because there’s a multitude of direct attacks to Cloud services that can allow attackers to steal the identity of users.

Image45

5. Man-in-the-middle Attacks

The typical attacks where the connection is somehow intercepted and used by attackers to get access or hijack the account. A classic example is when we use unsecured wireless networks.

Image46

Cloud-03

Account hijacking is not new. In 2014, an Egypt-based researcher found a PayPal vulnerability that left about 150 million accounts exposed to this type of attack. Luckily, the threat was corrected before there was any damage.

How can you protect yourself against identity theft in the cloud?
check

Firstly, you should create secure passwords and change them frequently. •This will help you stay protected against attacks. Also consider the use of multi-factor authentication (MFA) whenever possible, which will add an extra security layer, making it hard for attackers to access your account remotely.
check

Many successful account intrusion attempts happen due to phishing. Be careful when you click on Internet and e-mail links and when you receive password reset requests, and this will help protecting you against attacks. If you have any employees using cloud services, make sure that you inform them about the vulnerabilities of cloud computing so that they know how to identify account intrusion attempts.
check

Seeking advice from an expert on threat and vulnerability detection •is also an effective way to prevent account hijacking. They can look for potential vulnerabilities in your network and introduce controls that will you’re your data better protected against these types of attack.

Archive

2024

 What is Keylogging?

 October, the Cybersecurity Month

 Can deepfakes influence election results?

 Real-life Case: Ministry of Education recovers 2.5 million euros paid out in computer fraud

 Zero Trust Model

 Real-life Case: Fraud in company due to remote hiring

 The future of passwords

 Generative Artificial Intelligence: Managing Security Risks

 Real-life Case: The City Council of Seville in Spain has suspended all telematic services due to a ransomware attack

 What is Spoofing?

 Authentication in Cyberattack Prevention

2023

 Cybersecurity trends for 2024

 10 Steps for Safe Online Shopping

 October, the Cybersecurity Month

 How to Protect the Privacy of Your Mobile Phone and Tablet

 Social Media, a risk to cybersecurity

 8 tips to protect your information in the Cloud

 10 tips for cybersecurity that parents should know to protect children from online risks

 Prevention starts with creating a password

 Cybersecurity and ChatGPT

 Backups | The Guardian of Data Loss

 Dangers and challenges of AI in cibersecurity. Are you prepared?

 Phishing, Smishing and Vishing | Best Practices

2022

 Online fraud attempts to be on the alert in 2023

 Online shopping security | What we recommend

 Cybersecurity Awareness | 8 habits to have at Home and at Work

 Cybersecurity & Cookies

 Cybersecurity on Holiday and Travel

 Cloud Security

 Ransomware Awareness

 Mobile Security

 Physical Security

 Social Engineering

 PII or Personally Identifiable Information

 Cybersecurity trends for 2022

2021

 Avoid IoT Disasters

 Cybersegurity Quiz

 SOUP-D Tips to protect yourself from cyberattacks

 Multi-Factor Authentication

 Deepfake

 Zero Trust

 Ransomware

 Dangers when using a VPN

 Identity Theft in the Cloud

 Mobile Malware

 Creating Passwords

 Internet of Things

2020

 Identity Theft and Internet Fraud Scams

 Secure Online Shopping

 Think before you click quiz

 Proper use of the Internet

 Spear Phishing

 Security of PC's and other devices

 Vishing

 Backups

 Communication/Video tools

 Cybersecurity when working remotely

 Formjacking

 Ransomware

 Phishing

2019

 Online Shopping

 Passwords

Subscribe our newsletter.


Cookie Consent X

Devoteam Cyber Trust S.A. uses cookies for analytical and more personalized information presentation purposes, based on your browsing habits and profile. For more detailed information, see our Cookie Policy.