Cloud qualities that have enticed cyber criminalsCloud qualities that have enticed cyber criminals

Cloud providers have attracted many enterprise as well as consumer classcustomers with the promise of rapid elasticity, on-demand provisioning anda pay as you use pricing model. However, there is just one big loomingproblem – These are very qualities that have enticed cyber criminals to targetcloud services as well.Some of the main advantages of the cloud for enterprise customers are –? Drive down costs: Enterprise users can avoid large capital expenditureon hardware and upgrades. Cloud also improves cost efficiency bymore closely matching the cost pattern to the revenue/demand pattern.? Coping with the demand: As your business grows, a cloud environmentcan also easily grow. Moreover, when demand is unpredictable, theability spin capacity up or down, while paying only for what is beingused is remarkable.? No worries regarding IT management: Monitoring IT infrastructure 24/7is time consuming and expensive especially when someone has abusiness to operate. With a cloud service, one can rest easy that theIT is being managed by the cloud provider.? Innovating and leading: Business requirements can be ever changing,this means that the IT infrastructure has to be flexible as well. It maybe hard to keep abest with the technology. However, the cloud providerwill handle this in case of cloud based computing.? Future-proof one’s business: There is an unprecedented demand foraccess to data and services anywhere, any time and on any device.This means that, even business have to follow it. By using the cloud,business can easily embrace the new mobile world.When the advantages for using the cloud are so high, so are the stakes thatcome along with it. The cloud-based companies are targeted for the preciousdata that they host.Without proper cloud-based fraud detection and prevention practices inplace, cloud providers can become unwitting hosts for lurking cybercriminals.It is a threat that can expose these cloud-based service providers to manyproblems, such as –? Legal liabilities? Profit loss? BlacklistingThere are often many different routes open to a cybercriminal for targetingthese cloud-based service providers. They range anywhere from –? Phishing schemes? Money-transfer scams? Identity theft? MalwareEach of the above-mentioned way has its own dangers and requiresits own prevention methods.For a cyber criminal, the process is indeed quite easy. Research suggeststhat stolen credit cards can be obtained on the black market or the dark webfor as little as one dollar. Once a criminal has a card it is only a matter ofminutes to sign up online and take control of their own server. The server willhave been purchased using a stolen identity on a stolen card withoutphysically talking to anyone from the service provider itself. Tracking thesekinds of fake purchases is the hardest.The servers that are bought with the fake card and identity can be used forcryptocurrency mining or for running a bot net. The avenues are unlimited.The entire fraud committed will be through the cloud and will be hard to track.There is also the case of the cloud-based service provider screwing up thingsand letting out customer data. The discussions about cloud security havefocused primarily on the customer side of the equation. Even as cloudproviders continue to devote the resources necessary to ensure thatcustomer data is secure, they can’t overlook the fact that some of their owncustomers could be a threat. Consider the case of the data breach with AppleiCloud, millions of sensitive customer information was made public. This wasa big blow for Apple.Fraud manifests in the cloud in several ways, according to experts. Typically,fraudsters use a stolen credit card to procure virtual machine (VM) instancesor platform services on which they build their operations. Some of the popularones are –? Phishing schemes? Money-transfer scams? Identity theft? MalwareIn some cases, criminals skip the stolen credit cards altogether and insteadcrack into a legitimate customer’s account, hijacking the VMs to use for theirown fraudulent activities. Cybercriminals are also looking to Infrastructure asa Service to provide vast amounts of on-demand processing power to launchDDOS attacks and as such. Things such as ping of death are also notuncommon.Although fraud may not be the gravest security threat cloud providers face,ignoring it jeopardizes their companies in several ways.From a purely financial perspective, any revenue gained from a stolencredit card is likely to evaporate quickly, thanks to the sophisticated frauddetection systems banks and credit card companies now use. The realdamage comes from the revenues cloud providers never see fromlegitimate customers because the hundreds of VMs they would have paidto access have been tied up by the fraudsters.Moreover, cloud providers that don’t commit resources to fraud detectionand prevention could ruin their reputation. They will have to say goodbye toany chance at engaging enterprise customers.Enterprises are also likely to block IP addresses from which spam andother suspicious activity originate, unintentionally blacklisting the cloudproviders that host them.