Here's How Hackers Took a Weak Cloud Password and Used It to Hijack the Entire Network in Just 2 Days

Do you sometimes receive odd messages from your colleagues at work? Maybe those emails come with outgoing links that you are urged to click? That could be the start of a hacking attempt, and if you receive such odd messages, you have to inform your IT department about it at once. With most organizations employing cloud services and having their employees connected to one common network, cloud password security and secure cloud authentication methods have never been more important.

In this entry, we would like to draw your attention to one case where hackers exploited weak cloud passwords and hijacked an entire network in a span of just a few days. We hope that you and your organization can take this case as an example, where you can draw conclusions about cloud password security. Afterwards, we will also give you a few tips on how to ensure you employ secure cloud authentication methods.

How Holmium hijacked an entire network

First, we would like to draw your attention to the fact that we’re in the midst of ongoing cyberwarfare. It might not be that obvious because most of the action happens in cyberspace, but these acts can make an impact on our daily lives, too.

The malicious cloud network takeover that we want to talk about can also be considered part of cyberwarfare because, according to Microsoft, the attack was carried out by a state-backed hacker group. The group is called Holmium, and it is often associated with Iran. This group is often cited as responsible for various espionage attacks that target companies that deal with defense, mining, aerospace, and other important spheres.

In order for a hacker group to break into a system, they have to use some sort of attack vector. There are multiple attack vectors out there, and usually, hackers choose the most vulnerable component of a security system for that. Unfortunately, cloud passwords were the attack vector that Holmium used in their attack last summer.

How and why did cloud passwords happen to be the weakest link that ended up being exploited by hackers? That happened because the companies attacked didn’t implement the basic measures of cloud password security. They didn’t use strong passwords, and they also weren’t inclined to enable multi-factor authentication.

Now, Holmium may have many ways to gain access to the target system. It could use spear-phishing attacks or password spraying to find vulnerabilities and exploit them. Password spraying refers to using the most popular and well-known passwords across different accounts, hoping that they will work. Unfortunately, password spraying is a lot more efficient than it should be because any network still has users that use default or simple passwords for their accounts. So, if any of the passwords used during password spraying fits, hackers gain access to the cloud system.
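Password spraying leaves a recognizable pattern in sign-in logs: one source fails against many different accounts, with only a try or two on each. The following detection sketch is an added example, not code from Microsoft or from the original article; the log format, the thresholds and the sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: ISO timestamp, source IP, account, result.
SAMPLE_LOG = """\
2020-06-01T09:00:05 203.0.113.7 alice FAIL
2020-06-01T09:00:41 203.0.113.7 bob FAIL
2020-06-01T09:01:17 203.0.113.7 carol FAIL
2020-06-01T09:01:53 203.0.113.7 dave FAIL
2020-06-01T09:02:30 203.0.113.7 erin OK
2020-06-01T09:03:00 198.51.100.4 frank FAIL
2020-06-01T09:03:10 198.51.100.4 frank FAIL
2020-06-01T09:03:20 198.51.100.4 frank FAIL
2020-06-01T09:03:30 198.51.100.4 frank FAIL
2020-06-01T09:03:45 198.51.100.4 frank OK
"""

def parse(log_text):
    """Yield (time, ip, user, ok) tuples from whitespace-separated lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash
        ts, ip, user, result = parts
        yield datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_spraying(events, window=timedelta(minutes=30),
                    min_accounts=4, max_per_account=2):
    """Flag sources that fail against many accounts with few tries on each."""
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        for i, (start, *_rest) in enumerate(evs):
            in_win = [e for e in evs[i:] if e[0] - start <= window]
            fails = defaultdict(int)
            for _, _, user, ok in in_win:
                if not ok:
                    fails[user] += 1
            sprayed = {u for u, n in fails.items() if n <= max_per_account}
            if len(sprayed) >= min_accounts:
                # A success from the same source in the window is a likely compromise.
                hits = sorted({u for _, _, u, ok in in_win if ok})
                findings[ip] = {"accounts_tried": sorted(sprayed), "succeeded": hits}
                break
    return findings
```

On the sample data only the first source is flagged; the second is one user repeatedly mistyping a single account's password, which calls for lockout handling rather than a spraying alert.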

As far as the Holmium group is concerned, once they have cracked a weak cloud password, they tend to employ a penetration testing tool called Ruler. This tool is designed to give the hackers control over the compromised computer. From there, it is up to the hackers what they want to do next. The point is that if at least one account that has access to the cloud network is breached, hackers can gain access to the entire network. And through the cloud, they can hack the entire domain. This is a very fast process, and it took the Holmium group just two days to do it.

Cybersecurity experts say that aside from cloud password security issues, there is also a lack of understanding that endpoint malicious activities and cloud access points could be directly related. In other words, organizations still lack awareness that hackers need just one stolen cloud identity to hack an entire network, and maybe even take down the organization’s domain.

What’s more, hacker activities may differ from one compromised domain to another. These malicious actors could remain hiding in the network for a long time, stealing sensitive information and infecting more computers. Most of this could be prevented if organizations and end users understood the dangers of password spraying.

How to implement secure cloud authentication methods

Now that we have your attention, we would like to emphasize that protecting your organization’s cloud system from hackers is always a collective effort. You may have an IT security team in your company, but every single end user, every single employee also has to play a role in ensuring your network’s security.

Thus, you have to implement rigorous security rules, and you have to make sure that everyone follows them. You can start by ensuring that password spraying doesn’t affect your organization. Make it a must to employ strong and unique passwords.

The fastest and most efficient way to achieve that is by using a password manager. You can try out the Cyclonis Password Manager 30-Day trial and see whether the tool fits your needs. It can generate multiple unique passwords for every single account on your cloud network, and it can also help you store them. So, if anyone is still using password12345 or their birthday sequence to access your cloud network, you can change that now with a password manager tool.

Also, no matter how strong a password is, it will never be enough to fully protect your account and your network. Just as you put multiple locks on your door, there should be several locks on your cloud network, too. Therefore, if your cloud service provider offers the function, you should definitely enable multi-factor or two-factor authentication, thus putting more hurdles in the hackers’ way.

All in all, the bigger an organization is, the more weak links and entry points it may have. Your IT team should recognize the potential threats and make it a point to educate your employees about the risks, too. State-backed hackers are real, and if you don’t want your network completely taken over in just a few days, you have to take all the cybersecurity recommendations seriously.

By Foley
December 9, 2020