Phishing is one of the most common ways that cybercriminals gain access to sensitive data. While logins for online banking services are still a major prize, cybercriminals are now increasingly conducting phishing attacks on cloud storage providers. Software-as-a-service (SaaS) attacks have also soared.
A recent report from PhishLabs shows the extent to which cloud storage providers are being targeted. In 2013, cloud storage and hosting services accounted for 9% of attacks. By 2016, the percentage had risen to 23% of attacks. Attacks on SaaS providers barely registered in 2013. Now attacks account for 2% of the overall total. In 2016, phishing attacks on cloud storage providers increased by 5%, while attacks on SaaS providers increased by a staggering 182%.
According to PhishLabs, the reason for the increase in phishing attacks on cloud service providers is not necessarily to gain access to the data stored in cloud accounts, but to harvest credentials. Cloud storage providers and SaaS companies tend to use email credentials to authenticate users. This provides cybercriminals with an opportunity to harvest email addresses and their associated passwords. Those credentials are then used in password reuse attacks.
There has also been an exponential rise in online account attacks, which suggests that credentials are being harvested in phishing attacks on cloud storage services and they are being used to gain access to other online accounts. If online services allow users to authenticate themselves using their email login credentials, if those credentials are stolen, a wide range of other online services can be accessed.
Attacking organizations that allow authentication using email credentials is much easier than attacking the email service providers and the rewards are considerable.
So how are these attacks performed? Emails are sent containing a link to a file that has been shared with the recipient via Dropbox or Google Drive. When the link is clicked, the end user is directed to a spoofed site where they are required to enter their credentials – email addresses and their associated passwords – to view the file that has been shared. Entering in those details will disclose the information to the attackers. Those credentials can then be used to gain access to the victim’s email account, and all online services that allow the use of email credentials for authentication.
Unless cloud storage providers and other online firms change the way they authenticate users, they will be a target for cybercriminals. Given the ease at which email credentials can be harvested from cloud storage providers, and the value of the login credentials on the black market, phishing attacks on cloud storage services are sure to increase. PhishLabs predicts that phishing attacks on cloud storage services will overtake attacks on financial institutions in 2017.