Cyber Crime Strikes Cloud Too
More than a decade ago it was more about sending an email to all the entries in the address book. Then financial theft came into the picture. The notorious cyber criminals then moved on to the mobile platform. According to a report by McAfee and Guardian Analytics, cloud server is the next stop in their itinerary. Cloud Computing is storing data in a remote server that is accessible by all the authorized computers in the network circumventing the need for storing that in all the computers. Although this is an alarming issue, it is hardly a breakthrough in cyber crime. Sooner or later, cloud servers were anticipated to be at the receiving end of cyber attacks.
The modus operandi still remains pretty much the same – beguile the target into disclosing the username, password and other confidential credentials (usually done by phishing) and then launch the attack. That isn’t a daunting task either, thanks to the oblivious users. All that needs to be done is to redirect the victim to a web page camouflaged as a bank’s page that discreetly installs malware in the computer. What has changed here is the operation of the malware. Instead of initiating the attack from the victim’s computer, it is done on the cloud server itself using the information sent by the malware. This unprecedented advantage eliminates the need for updating the malware frequently.
Cloud computing has just one spectacular benefit – saving time and resources, which has instigated the rise in the adoption of this technology. Owing to the fact that most of the data is segregated and stored in a server, it’s like a warehouse laden with fire crackers. If unsecure, it’s a disaster waiting to happen. A single attack will then spin off multiple attacks without much resistance. In a matter of a few seconds, the malware feeds the server with all the initial authentication information extracted from the victim’s PC, granting immediate access to the server. After the malware is installed, everything from then on is automated with non-detectable levels of suspicious activity in the client end. Even if somehow the malware is detected, the ship would have long gone by then with the goods.
This very much looks like the route for financial theft and other cyber attacks for the foreseeable future. Revamping the existing malware just a bit should do the job. Implementing ten folds of security in the server merely shall not address this menace. The roots of the problem lies with the end user – his vulnerability to give an all access pass to these kinds of malicious software. General awareness to cyber crime issues would do a great deal in bringing down attacks by cutting it off right at its origin.