To all those who think of cloud infrastructure as a "safe haven" from cyber attacks, here's an alert issued by Microsoft. In its recently released Security Intelligence Report Volume 22, the software giant has disclosed that hackers are now hitting targets hosted in the cloud.
The Redmond giant says a threat scenario is emerging in the cloud in which hackers weaponize one or more virtual machines to compromise an entire cloud infrastructure.
Microsoft adds in its report that compromised virtual machines are then used to launch attacks, including brute-force attacks against other virtual machines, spam campaigns for email phishing, reconnaissance such as port scanning to identify new attack targets, and other malicious activities.
Microsoft's Azure Security Center observed a number of outbound attack attempts in Q1 this year. The observed activity includes efforts to establish communications with malicious IP addresses and Remote Desktop Protocol (RDP) brute-force attempts.
The world-renowned software giant found that attackers are using compromised cloud platforms to spew spam (19%), launch port scanning attacks (3.7%) and try to brute-force their way past SSH (Secure Shell) protections.
In its Security Center Services report, Microsoft states that the attacks originated from malicious IP addresses in China (89%), Korea (1%) and the United States (4.2%).
The operating system giant also mentions in its report that attackers are using cloud infrastructure as a launch pad to attack PC users with ransomware. The company's security researchers further warn that hackers can compromise both personal and business cloud accounts.
The security report states that attacks on Microsoft cloud-based user accounts increased 300% year-over-year from Q1 2016 to Q1 2017.
Therefore, Microsoft is urging the IT departments of corporate firms to implement risk-based conditional access strategies that restrict access to trusted devices and/or IP addresses, mitigating the risk of weak or compromised credentials.