How Proofpoint Defends Against Cloud Account Takeover

Cyber criminals are following businesses into the cloud. As more companies adopt hosted email and webmail, cloud productivity apps like Microsoft 365 and Google Workspace, and cloud development environments like AWS and Azure, cyber criminals have quickly learned that the basic corporate account credential is a potential source of money and power. They now target these credentials in growing numbers of threat campaigns. And their relentless efforts are just the opening salvos in their mission to execute wire fraud, industrial espionage, PII data theft and more.

A cloud account takeover starts with attackers compromising user credentials and gaining entry into user systems. These attacks often originate from email in messages that carry malware or trick users into providing their credentials. Once they take over an account, they can pose as legitimate or trusted persons within the user’s organisation. The infiltrators can move laterally and wreak widespread damage. They can steal or encrypt important data. They can also upload malware to use the sync-and-share capabilities between your endpoints, Microsoft 365 and other cloud repositories. From there, they can quickly spread across your organisation or download sensitive files to use for extortion.