ZCZC
BFF-42
US-IT-CRIME-HACKING
60% of major US firms have been hacked in cloud: study
WASHINGTON, Sept 25, 2019 (AFP) – Hackers have penetrated cloud computing
networks of some 60 percent of top US companies, with virtually all industry
sectors hit, security researchers said Tuesday.
Researchers at the enterprise security firm Proofpoint said they detected
over 15 million unauthorized login attempts to cloud computing networks of US
Fortune 500 firms in the first six months of 2019, of which 400,000 were
successful.
“While it only takes one compromised account to achieve wide-ranging
effects in an organization, attempted unauthorized logins were pervasive
across industries,” Proofpoint researchers said in a blog post.
In analyzing some 20 million user accounts in more than 1,000 cloud
deployments, the study found 92 percent of the Fortune 500 companies surveyed
were targeted by cyber attacks.
It found 60 percent of the companies had allowed attackers into their
cloud networks and six percent had an unauthorized login to an executive
account.
Attackers appeared to target all sectors, the researchers said, but
appeared to be more successful in education and food and beverage sectors.
Regulated industries such as healthcare and financial services fared better,
with “significantly lower rates of successful attacks,” Proofpoint said.
Sales representatives and managers appeared to be most frequently
targeted, possibly because their emails tend to be publicly available and
their positions give them wide-ranging access.
Proofpoint said when attackers gain access, this often leads to “lateral
expansion” — such as spamming or phishing to get even deeper access to
networks, and “large credential dumps” that can allow more cybercriminals to
access the compromised networks.
BSS/AFP/ARS/1920 hrs