LATEST INTELLIGENCE
CLOUD ACCOUNT COMPROMISE AND TAKEOVER
Fast facts
Description
Cloud account compromise is the act of maliciously gaining control over a legitimate user’s cloud-based email or collaboration service account – giving the attacker wide-ranging access to data, contacts, calendar entries, email and other system tools. Beyond the compromised user’s data, the attacker can use the account to impersonate the user in social engineering attacks such as business email compromise (BEC) and more, both inside and outside of the organisation. Threat actors can access sensitive data, persuade users or outside business partners to wire money or damage an organisation’s reputation and finances. They can also install backdoors to maintain access for future attacks.
Tools of the trade
• Phishing attacks, including OAuth token phishing.
• Brute-force attacks that automate credential guessing, such as Aircrack-ng and Jack the Ripper.
• Credential recycling or stuffing, which uses already stolen username and password pairs.
• Malware, including keyloggers and credential stealers such as PunkeyPOS and Spyrix.
Types
• Credential theft – attackers exploit weak passwords, poor security systems and reused passwords from other sites to hack into systems.
• Malicious OAuth apps – use OAuth token phishing and app impersonation to manipulate account
INTELLIGENTCIO LATAM www.intelligentcio.com