Skip to main content

Bad actors exploit the sudden uptick in usage of Zoom, WebEx and Teams

(Image credit: McAfee)

McAfee has uncovered an exponential increase in threats targeting cloud services correlated with the increase in cloud usage, between January and April 2020.

External attacks on cloud accounts grew 630% from January to April and have seen a significant increase in cyber-attacks targeting cloud tools like Zoom, WebEx and Teams as organisations largely work-from-home initiatives.

Cisco WebEx, Zoom, Microsoft Teams and Slack saw an increase of up to 600% in usage, led by the education sector, during the Covid-19 pandemic.

Overall, enterprise adoption of cloud services spiked by 50%, including industries such as manufacturing and financial services that typically rely on legacy on-premises applications, networking and security more than others.

 “While we are seeing a tremendous amount of courage and global goodwill to overcome the Covid-19 pandemic, we also are unfortunately seeing an increase in bad actors looking to exploit the sudden uptick in cloud adoption created by an increase in working from home,” Rajiv Gupta, Senior Vice-President for Cloud Security at McAfee, said.

New security delivery models needed

(Image credit: McAfee)

(Image credit: McAfee)

Gupta said the risk of threat actors targeting the cloud far outweighs the risk brought on by changes in employee behaviour. 

Mitigating this risk requires cloud-native security solutions that can detect and prevent external attacks and data loss from the cloud and from the use of unmanaged devices, he said and added that cloud-native security has to be deployed and managed remotely and can’t add any friction to employees whose work from home is essential to the health of their organisation.

Moreover, he said the attack trends emphasise the need for new security delivery models in the distributed work-from-home environment of today and likely the future.  

With cloud-native threats increasing in step with cloud adoption, he said that all industries need to evaluate their security posture to protect against account takeover and data exfiltration. 

“Companies need to safeguard against threat actors attempting to exploit weaknesses in their cloud deployments,” he said.