What is Cloud Jacking & Why Should You Worry About It?


It’s estimated that 82% of the company workload is now cloud-based. Cloud adoption has been on a steady uptick for over a decade and has been accelerated by the pandemic, which required many companies to adjust to fully remote teams. What does it mean to be “in the cloud?” It means companies have their data and software accessible from any device. All the user needs is their login through an app or website. They’re then connected to the cloud provider’s server, which serves up the application and information stored within it. Cloud computing is a necessity for business continuity. It ensures that a company can continue operating even if it can’t access its office. It also enables work to be done from anywhere, which promotes higher productivity. However, the cloud does have a downside when it comes to security, and this is being exploited by an attack called “cloud jacking.”

What is Cloud Jacking?

Cloud jacking is when a cloud account is taken over by a hacker. They will generally get in through a compromised user credential, which gives them all the same privileges as that user.

If a hacker breaks into your Microsoft 365 account, this can allow them to send phishing and spam on the user’s email address to others inside or outside your company, access Teams conversations, infect OneDrive cloud storage with ransomware, and more.

Cloud jacking has been on the rise because hackers are going to go where the data is. When less data is being stored in on-premises servers and more is stored in the cloud, consequently we will see an increase in cloud account takeovers.

Attacks on cloud accounts increased 630% in 2020.

What Can Attackers Do When They Breach a Cloud Account?

There are several things a hacker can do once they log into a cloud account as a user. The privilege level of the account they hack will also dictate how much damage they can do. Compromising an administrator’s login is going to allow them more control of your cloud account than if they hack the credentials of a user with more restricted privileges. But they can do damage both ways.

Some of the dangers associated with cloud jacking include:

  • Sending a phishing email from a user’s email address (this often results in a security breach because users in the same company will be more easily fooled when the email is coming from a colleague.)
  • Adding and deleting users
  • Infection cloud storage and syncing computers with ransomware & malware
  • Changing your cloud security settings
  • Stealing and/or deleting cloud-stored files
  • Accessing sensitive details for employees, vendors, and customers that can be sold on the Dark Web
  • Accessing any stored credit card details

How Does Cloud Jacking Happen?

Cloud jacking happens mainly through compromised login credentials. SaaS providers will typically have strong security on their platforms, so it’s more difficult for hackers to breach those security defenses than it is for them to breach an on-premises server that a company is securing themselves.

This leaves logging in as a legitimate user as the main way that attackers can hijack cloud accounts. If you have approved user credentials, then you bypass security designed to keep out attacks.

A 2020 Data Breach Investigations Report backs up the fact that credential theft is becoming a major problem. This credential theft is being used almost exclusively for cloud jacking. Some of the report findings were:

  • 77% of cloud data breaches are due to password compromise.
  • Password theft has become the #1 goal of phishing attacks.
  • Password dumpers have become the #1 form of malware used in data breaches.

What Can You Do to Prevent Cloud Jacking?

Enable Two-Factor Authentication on All Cloud Accounts

The best way to stop your cloud accounts from being breached is to enable two-factor authentication (2FA). A special code will be required at login. As a result, most hackers won’t have access to this code as it’s sent to a user device (like a smartphone).

Enabling 2FA can prevent 99.9% of fraudulent sign-in attempts.

Use the Rule of Least Privilege

The Rule of Least Privilege states that you should grant users the lowest possible privilege level in an account as is required for them to carry out their daily work tasks.

Instead of just making everyone an admin, you should restrict the number of accounts that have high-level privileges in your cloud tools. Therefore, this reduces the chance that a cloud jacker will “hit the jackpot” and steal an admin’s credential, allowing them to do much more damage.

Use a Cloud Security Tool

A cloud security tool like Microsoft Cloud App Security can help you reduce your risk of cloud jacking. This type of tool can monitor device access to your cloud accounts, keep out unauthorized devices, and review cloud applications for potential security risks.

Are Your Cloud Security Settings Optimized?

Misconfiguration of cloud security settings is one of the big enablers of cloud jacking. Copperband Technologies can help your southern Kentucky or Middle Tennessee business review and improve your cloud security to prevent an account breach.

Contact us today to schedule a consultation! Call 931.263.8000 or email us.