Tuesday, December 8, 2020

Cloud Jacking and Multifactor Authentication Defenses



Working toward a BS at the University of Maryland, Wayne Nordstrom is an IT engineering specialist studying networks and cybersecurity. Wayne Nordstrom is interested in emergent technology threats, including cloud jacking.

Driven by the reliance on cloud computing, cloud jacking typically involves misconfiguration and is conducted via code injection. Such attacks can be introduced directly into the cloud platform’s code through SQL injection or third-party libraries using cross-site scripting. When users unknowingly download and execute the maliciously injected code, hackers are given various levels of control, including eavesdropping and the modification of sensitive data and files that have been placed in cloud storage.

One cloud-jacking safeguard that companies should take is multifactor authentication (MFA), which goes beyond simple passwords/PINs to require an additional factor, such as token, device, fingerprint, or facial scan. Companies are also setting up MFA with continuous authentication, which helps ensure that the same person who was first authenticated and identified at the gate continues to be the person using the system. 

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.