More and more businesses are embracing cloud services to improve employee collaboration, streamline operations and engage customers. With these new benefits come with new risks for WordPress Security, including accidental sharing, credential theft and unsafe third-party app add-ons. These are the top trends:
• From all successful login attempts to cloud services, almost 25% of all were suspicious.
• Hundreds of thousands of SaaS account credentials have been in leaked, across all industries.
• Roughly half of all cloud app users have installed third-party add-ons. About 18% of these add-ons have access to email and files.
• Around 60% of cloud service users, including 37% of privileged users, did not have a password policy or multi-factor authentication enforced.
Since users are accustomed to frequent email notifications from all cloud services and apps, attackers are using these services to send malicious messages and host malware. These attacks are hard to identify for users and WordPress Security solutions because they come from legitimate services and platforms.
• No major cloud services avoided abuse. For example, threat actors used Microsoft SharePoint to host malware distributed in millions of messages across hundreds of campaigns throughout 2017.
• Other services, ranging from GSuite to Evernote, were used to send phishing emails and malware.
• Most cloud platforms are extensible. Third-party add-ons open up new features, but they also create possibilities for abuse. These created vulnerabilities via Google Apps Script, that allowed attackers to send malware through legitimate emails that came from personal and business GSuite accounts.
WordPress Security Recommendations:
• The sheer volume of cloud apps and services — many of them useful and safe — makes visibility into WordPress Security and security compliance risks difficult. Be especially mindful of third-party add-ons that connect to popular business apps; they may host threats or misuse your data. DYNAMIC DETECTION solutions can identify potential risks, unusual activity and emerging threats. Dynamic detection identifies new WordPress Security threats based on the actions of suspect attachments, clicked URLs, network traffic, logins, data transfers and other behavioural factors.
• Assess cloud apps and users based on objective, people-centred, risk-aware scoring measures. Find potential data compromises, compliance violations and more. After these precautions, deploy services to monitor ongoing WordPress Security and compliance risks that come with cloud apps.