300% increase in attacks on cloud services

Cyber attacks targeting cloud services are accelerating at an increasing speed, according to Microsoft.

The internet giant revealed that the frequency and sophistication of attacks on its users cloud based accounts is “accelerating.”

The problem has become endemic, with Microsoft’s Identity Security and Protection team recording a 300% increase in user accounts being attacked over the last year.

>See also: How to approach cloud computing and cyber security in 2017

“A large majority of these compromises are the result of weak, guessable passwords and poor password management, followed by targeted phishing attacks and breaches of third-party services,” said Microsoft in its “Security and Intelligence” report.

At the same time, during the first quarter this year from the same period in 2016, the number of Microsoft account sign-ins attempted from malicious IP addresses increased by 44%.

When grouped by region, more than two-thirds of incoming attacks on Azure cloud services came from IP addresses in China (35.1%) and the US (32.5%). South Korea was third at 3.1%.

“In a cloud weaponisation threat scenario, an attacker establishes a foothold within a cloud infrastructure by compromising and taking control of one or more virtual machine,” said the report.

>See also: How to approach cloud computing and cyber security in 2017

“The attacker can then use these virtual machines to launch attacks, including brute force attacks against other virtual machines, spam campaigns that can be used for email phishing attacks, reconnaissance such as port scanning to identify new attack targets, and other malicious activities.”

Commenting on this, Oliver Pinson-Roxburgh, EMEA director at Alert Logic said “There are a number of sophisticated attacks that rely on new detection capabilities most organisations do not have today and they are increasing as organisations get better at security best practices.”

A recent alert Logic report into similar issues reached the following conclusions:

• Over the nine-month period during which Alert Logic’s machine learning effort came to life, it identified approximately 231 attacks in which malicious SQL injection was deployed with a high degree of complexity and sophistication. While this may seem like a small part of the larger picture, it means that 8-10% of the customers we monitored were targeted by actors with better-than-average levels of skill and determination, which is notable.

>See also: The great IT myth: is cloud really less secure than on-premise?

• The remaining 47% of these incidents were detectable only with the use of machine learning.

• While Alert Logic saw close to 37% more incidents in on-premises data centres, this still leaves each public cloud deployment to withstand just over (on average) around 400 incidents in the 18-month period covered by this report. And even lower incident rates do not necessarily translate to lower risk – especially when, as is increasingly more common, businesses rely on the public cloud to handle their highest-value assets.


The UK’s largest conference for tech leadershipTech Leaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...