Cloud-Based Fraud – How Serious Is The Problem?

Advertise on CloudTweaks

Cloud-Based Fraud – How Serious Is The Problem?

Cloud services have brought untold benefits to both personal users and businesses around the world, but with its success has come a darker side – as the cloud unquestionably helps criminals commit fraud and other illegal activities.

Why does it Happen?

The cloud’s key benefits, such as rapid elasticity, on-demand provisioning, high availability and competitive pricing, are all equally as appealing to cybercriminals as to ordinary users.

Cloud-Based Fraud – How Serious is the Problem?

Cloud services are easy to purchase, can be reasonably anonymous, and can be controlled from anywhere in the world. Jeff Spivey, International Vice President of ISACA (an independent, non-profit, global association that engages in the development, adoption and use of globally accepted information systems knowledge and practices) says, “All of the advantages of the cloud for enterprises are [also] the advantages for the bad guys”. Adding “It’s the anonymity and scale that’s attractive to the fraudsters”.

How does it Happen?

There are many different routes open to a cybercriminal. From phishing schemes and money-transfer scams to identity theft and malware – each has its own dangers and requires its own prevention methods.

For a would-be criminal, the process is easy. Research suggests that stolen credit cards can be obtained on the black market for as little as one dollar. Once a criminal has a card it only takes a matter of minutes to sign up online and take control of their own server. The server will have been purchased using a stolen identity on a stolen card without physically talking to anyone from the service provider itself – it’s almost the perfect crime.

Raj Samani, Vice President and Chief Technology Officer of McAfee, also points out that despite the vast resources dedicated to protecting customer data by cloud providers, for a criminal it can still be easy to hack a legitimate customer account. “They use the VMs to use for their own fraudulent activities” says Raj. “Cybercriminals are now looking to Infrastructure as a Service to provide vast amounts of on-demand processing power to launch distributed-denial-of-service attacks”.

Banking Fraud in the Cloud

One of the most high profile fraud cases in recent years is that of ‘Operation High Roller’. An international criminal ring targeted wealthy people and commercial accounts across European banks, with McAfee estimating that anywhere between $75 million and $2.5 billion was stolen.

The entire fraud was conducted through the cloud. The combination of remote servers and the criminals’ intimate knowledge of banking transaction systems made it possible to automate the theft, rather than simply stealing user names and passwords and manually transferring money from a computer.

The fraud started with an email disguised to look like it came from the recipient’s bank. Clicking on a link in the message downloaded the malware that would later steal the information needed to perform fund transfers. Commenting on the attack, Dave Marcus, Director of Advanced Research and Threat Intelligence at McAfee, said “You can’t make a fraudulent transaction look like a valid transaction, if you don’t know what you’re doing, and these guys know what they’re doing”.

Detecting and Protecting

There is a fine line between balancing customer privacy concerns and preventing illegal activities. As result, cloud providers have spent huge sums on developing systems that monitor how customers use the service without monitoring the actual data. As soon as large scale fraud is detected the information is passed to the relevant authorities.

The difficultly for providers is not being over-zealous with their detection software. Customers who are regularly prevented from using the service the way they want because the provider wrongly assumes there is criminal activity will quickly get disenfranchised with the cloud and look to alternative methods of storage.

What do you think? Have you been a victim of cyber-fraud? Do you receive regular attempts to phish your details via email? Let us know in the comments below.

By Daniel Price

Daniel Price

Daniel is a Manchester-born UK native who has abandoned cold and wet Northern Europe and currently lives on the Caribbean coast of Mexico. A former Financial Consultant, he now balances his time between writing articles for several industry-leading tech (CloudTweaks.com & MakeUseOf.com), sports, and travel sites and looking after his three dogs.

CONTRIBUTORS

5 Recommendations for Effective Governance, Risk and Compliance Management

5 Recommendations for Effective Governance, Risk and Compliance Management

Effective Governance, Risk and Compliance Cloud adoption continues to grow, which is evident from the fact that annual 2016 revenues ...
Uh – Oh! Is This the Year of the Tipping Point for You?

Uh – Oh! Is This the Year of the Tipping Point for You?

Cloud Tipping Point One survey says most workloads are still in on-premise data centers. Another analysis says it’s all going ...
73% of Executives Are Researching & Launching IoT Projects

73% of Executives Are Researching & Launching IoT Projects

New IoT Projects Manufacturing-based IoT connections grew 84% between 2016 and 2017, followed by energy & utilities (41%). 73% of ...
How IoT and OT collaborate to usher in the data-driven factory of the future

How IoT and OT collaborate to usher in the data-driven factory of the future

The Data-driven Factory The next BriefingsDirect Internet of Things (IoT) technology trends interview explores how innovation is impacting modern factories and supply chains ...
Academia is on the Ropes but is Reluctant to Change. Why are Most of Them Digital Dinosaurs?

Academia is on the Ropes but is Reluctant to Change. Why are Most of Them Digital Dinosaurs?

“Moving a university is like moving a cemetery—you can’t expect any help from the inhabitants,” says Barb Oakley, Ph.D. Higher ...
Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation Digital transformation is the acceleration of business activities, processes, and operational models to fully embrace the changes and ...
A Resilient Cloud Strategy: Standardize or Diversify?

A Resilient Cloud Strategy: Standardize or Diversify?

A Resilient Cloud Strategy Over the past few years, I have seen IT organizations adopt cloud in very different ways ...
Cross-Site Scripting - Why Is It A Serious Security Threat For Big Data Applications?

Cross-Site Scripting – Why Is It A Serious Security Threat For Big Data Applications?

Security Threat And Big Data Applications IBM, Amazon, Google, Yahoo, Microsoft - and the list goes on. All these leading ...

NEWS

Cisco to buy BroadSoft in $1.9 billion deal

Cisco to buy BroadSoft in $1.9 billion deal

(Reuters) - Cisco Systems Inc (CSCO.O), the world’s largest networking gear manufacturer, said it will buy U.S. telecommunications software company ...
CIOs Cutting Through the Hype and Delivering Real Value from Machine Learning, Survey Shows 

CIOs Cutting Through the Hype and Delivering Real Value from Machine Learning, Survey Shows 

New survey reveals progressive CIOs tap machine learning to solve everyday work problems SANTA CLARA, Calif. – October 17, 2017– A ...
Cisco Unveils Industry's First Predictive Services Powered by AI

Cisco Unveils Industry’s First Predictive Services Powered by AI

New offerings designed to manage growing technical skills gap through unique expertise, intelligence and automation SAN JOSE, CA--(Marketwired - Oct ...

NEWSLETTER SUBSCRIBE

CloudTweaks has been a prominent influence covering cloud technologies since 2009. We have worked and continue to work with a tremendous number of writers, contributors and partners throughout the world – all of whom provide insights into the cloud business community. This information is provided to our Newsletter subscribers on a weekly basis - free of charge.

Subscribe to receive our weekly collection of Best of Thought leadership, Technology news, Tweaks, Curated resource links, Exclusive promotions and our popular Comic series.

Something went wrong. Please check your entries and try again.