top of page

'Unlocking' the Vulnerability of Cloud Providers

Cloud computing giant Citrix disclosed that they suffered a data breach in March 2019 which they believed were done by Iranian hackers in a group called IRIDIUM. Citrix provides cloud services to the U.S. military through its Shared Services Centre and is one of the Department of Defense’s approved vendors.

The Iranian hackers appeared to have forced their way in with a tactic known as password spraying, a technique that exploits weak passwords. The attack followed a typical pattern of first gaining access to poorly-secured lower-level accounts to open up broader access to the network. Once they gained a foothold with limited access, they worked to circumvent additional layers of security.

Cloud storage is, by its nature, secured from various cyber attacks and even natural disasters. It also offers a way to backup and restore data.  This makes cloud storage an excellent option for securing data against cybercrime. 

This attack against Citrix exposed the bare truth that nothing is safe from hackers or hackers group, be them operating alone or in a group or on behalf of nation states.

In line with what the government in the United States, Britain and Australia have done, the Japanese government has recently announced that they are planning to introduce a system with defined security standards to certify the safety of online cloud data storage services with plans to introduce the full system in 2020. The introduction of this measure apparently is to complement the Japanese government's moves to encourage government-linked institutions to use cloud services.

As an increasing number of companies are adopting cloud storage services as an efficient means of data management that saves the time and effort that in-house information systems require, organisations should be made aware of the vulnerability of cloud systems from cyber-attacks too. 


bottom of page