Cloud-Based Fraud – How Serious Is The Problem?

Cloud-Based Fraud – How Serious Is The Problem?

Cloud-Based Fraud – How Serious Is The Problem?

Cloud services have brought untold benefits to both personal users and businesses around the world, but with its success has come a darker side – as the cloud unquestionably helps criminals commit fraud and other illegal activities.

Why does it Happen?

The cloud’s key benefits, such as rapid elasticity, on-demand provisioning, high availability and competitive pricing, are all equally as appealing to cybercriminals as to ordinary users.

Cloud-Based Fraud – How Serious is the Problem?

Cloud services are easy to purchase, can be reasonably anonymous, and can be controlled from anywhere in the world. Jeff Spivey, International Vice President of ISACA (an independent, non-profit, global association that engages in the development, adoption and use of globally accepted information systems knowledge and practices) says, “All of the advantages of the cloud for enterprises are [also] the advantages for the bad guys”. Adding “It’s the anonymity and scale that’s attractive to the fraudsters”.

How does it Happen?

There are many different routes open to a cybercriminal. From phishing schemes and money-transfer scams to identity theft and malware – each has its own dangers and requires its own prevention methods.

For a would-be criminal, the process is easy. Research suggests that stolen credit cards can be obtained on the black market for as little as one dollar. Once a criminal has a card it only takes a matter of minutes to sign up online and take control of their own server. The server will have been purchased using a stolen identity on a stolen card without physically talking to anyone from the service provider itself – it’s almost the perfect crime.

Raj Samani, Vice President and Chief Technology Officer of McAfee, also points out that despite the vast resources dedicated to protecting customer data by cloud providers, for a criminal it can still be easy to hack a legitimate customer account. “They use the VMs to use for their own fraudulent activities” says Raj. “Cybercriminals are now looking to Infrastructure as a Service to provide vast amounts of on-demand processing power to launch distributed-denial-of-service attacks”.

Banking Fraud in the Cloud

One of the most high profile fraud cases in recent years is that of ‘Operation High Roller’. An international criminal ring targeted wealthy people and commercial accounts across European banks, with McAfee estimating that anywhere between $75 million and $2.5 billion was stolen.

The entire fraud was conducted through the cloud. The combination of remote servers and the criminals’ intimate knowledge of banking transaction systems made it possible to automate the theft, rather than simply stealing user names and passwords and manually transferring money from a computer.

The fraud started with an email disguised to look like it came from the recipient’s bank. Clicking on a link in the message downloaded the malware that would later steal the information needed to perform fund transfers. Commenting on the attack, Dave Marcus, Director of Advanced Research and Threat Intelligence at McAfee, said “You can’t make a fraudulent transaction look like a valid transaction, if you don’t know what you’re doing, and these guys know what they’re doing”.

Detecting and Protecting

There is a fine line between balancing customer privacy concerns and preventing illegal activities. As result, cloud providers have spent huge sums on developing systems that monitor how customers use the service without monitoring the actual data. As soon as large scale fraud is detected the information is passed to the relevant authorities.

The difficultly for providers is not being over-zealous with their detection software. Customers who are regularly prevented from using the service the way they want because the provider wrongly assumes there is criminal activity will quickly get disenfranchised with the cloud and look to alternative methods of storage.

What do you think? Have you been a victim of cyber-fraud? Do you receive regular attempts to phish your details via email? Let us know in the comments below.

By Daniel Price

About Daniel Price

Daniel is a Manchester-born UK native who has abandoned cold and wet Northern Europe and currently lives on the Caribbean coast of Mexico. A former Financial Consultant, he now balances his time between writing articles for several industry-leading tech (CloudTweaks.com & MakeUseOf.com), sports, and travel sites and looking after his three dogs.

Find out more
View All Articles

Sorry, comments are closed for this post.

Is Bigger Better? Not with the Cloud on Your Side

Is Bigger Better? Not with the Cloud on Your Side

Is Bigger Better? Growing up, bigger almost always equated to better. The bigger kid hit the baseball farther, threw the ball faster, shot the hockey puck harder and usually won the fight. In school, we were taught that larger companies were better than the smaller ones. Bigger, meant better economies of scale, more market share…

Is Your Corporate Data Appearing On Personal Clouds?

Is Your Corporate Data Appearing On Personal Clouds?

Corporate Data Appearing On Personal Clouds Enterprise cloud adoption has led to cloud consumerization, but how safe is any personal cloud? Remember when you’d join a company and they’d issue a desktop computer and corporate-issued cell phone? And remember all the company’s data was stored in a server on-site at the company? It’s fair to…

Are you SURE you are ready for the cloud?

Are you SURE you are ready for the cloud?

Ready For The Cloud? For several years now, people and organizations have been slowly but surely moving their data and applications to the cloud. Whether it is a local private cloud, Hybrid or a fully hosted one, they all have one thing in common: They are no longer tied to physical hardware. That is how…

‘Tis The Season To Be Deploying Sensors

‘Tis The Season To Be Deploying Sensors

Deploying Sensors Overhead the Christmas Drones are buzzing, delivering packages to the good girls and boys. Back at the main location people are analyzing the good and bad data collected over the year about each person. Data analytics that is creating a list, gathering all the data and then checking the data on that list…

Hot Emerging Trends – The Pizza Delivery Drone

Hot Emerging Trends – The Pizza Delivery Drone

The Pizza Delivery Drone Recently, drone delivery systems have been discussed as future state plans for many vendors. I personally think the traceable IoT-based pizza delivery drone is the next big thing. If you think about it, your pizza makes it to your house much faster. Since the drone carries both a temperature and a…

Knots And Cloud Service Providers

Knots And Cloud Service Providers

How Do These Two Compare? In Boy Scouts, I learned how to tie knots. The quickest knot you can tie is the slipknot. It’s very effective for connecting one thing to another via the rope you have. It was used in setting up tents, mooring boats to docks temporarily and lifting your food up into…

5 Tips For Building A High Growth IT Platform

5 Tips For Building A High Growth IT Platform

5 Tips For Building a High Growth IT Platform Building and maintaining today’s enterprise computing platforms is a lot more challenging than it was in the past. The competitive and fast moving nature of business requires a corporate network capable of meeting a company’s ever changing needs and requirements. For IT, this poses difficult challenges…

CloudTweaks is recognized as one of the leading influencers in cloud computing, infosec, big data and the internet of things (IoT) information. Our goal is to continue to build our growing information portal by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Sponsor