THE BLUEPRINT

Cloud Account Compromise and Takeover

As business assets have moved to the cloud , cyber attackers have followed close behind . Starting with hosted email and webmail , cloud productivity apps like Office 365 and Google Workspace , and on to cloud development environments like AWS and Azure , cyber criminals have prized account credentials and made them the target of countless phishing campaigns . And with single sign-on giving lateral access to many different systems within an organisation , a single compromised account can cause widespread damage . to data , contacts , calendar entries , email and other system tools . Beyond the compromised user ’ s data , the attacker can use the account to impersonate the user in social engineering attacks such as business email compromise ( BEC ) and more , both inside and outside of the organisation . Threat actors can access sensitive data , persuade users or outside business partners to wire money or damage an organisation ’ s reputation and finances . They can also install backdoors to maintain access for future attacks . �