Cloud Account Compromise and Takeover

Cloud account compromise is the act of maliciously gaining control over a legitimate user’s cloud-based email or collaboration service account giving the attacker wide-ranging access to data, contacts, calendar entries, email and other system tools. Beyond the compromised user’s data, the attacker can use the account to impersonate the user in social engineering attacks such as business email compromise (BEC) and more, both inside and outside of the organisation. Threat actors can access sensitive data, persuade users or outside business partners to wire money or damage an organisation’s reputation and finances. They can also install backdoors to maintain access for future attacks.