Cyberattacks Rain Down on Cloud Computing Infrastructure, Microsoft Warns


Hurricanes, blizzards, derechos, and tornadoes can wreak havoc on a company’s physical infrastructure, causing serious monetary damage. Companies and insurers that include long-term weather forecasting in their risk analysis may want to consider another threat. Corporate leaders need to be aware that there is a massive cybersecurity storm threatening U.S. technology companies and those that rely on their services. 

Companies that rely on cloud computing services, such as Microsoft Corp.’s Azure, are increasingly facing cyberattacks and phishing schemes as cybercriminals learn more sophisticated measures to gain valuable data, according to Microsoft’s most recent Security Intelligence Report. Cyberattacks on Microsoft’s cloud-based user accounts have increased 300 percent from Q1 2016 compared to Q1 2017, the report said. Additionally, attempted fraudulent log-ins from malicious internet protocol (IP) addresses increased 44 percent in the same period, it said. 

Many of the cloud-targeted cyberattacks are linked to home-grown U.S. threats, but they also come from nation-state actors such as China, Microsoft said. According to the report, two-thirds of the attacks on Microsoft’s Azure web service in Q1 2017 came from internet protocol addresses in the U.S. (35.1 percent) and China (32.5 percent). South Korea is third on the list, accounting for only 3.1 percent of the attacks with 116 other countries following behind, it said. 

Cyberattacks from other nation-states, however, can be equally destructive and account for many of the other attacks on tech companies, political entities, and news organizations. Cyberattacks linked to North Korea, Russia, Syria, and other countries have become more prevalent in recent years. Attacks on Sony Pictures Entertainment Inc., the Democratic National Committee, the New York Times Co., and even the U.S. Army illustrate the cybersecurity risk to U.S.-based companies and organizations. 

Cloud-based services aren’t the only technology systems under attack. Recent large scale ransomware-like attacks, including Petya and WannaCry, struck at the core of many multinational companies and organizations including Oreo-maker Mondelez International Inc., shipping magnate A.P. Moller-Maersk A/S, and international law firm DLA Piper. 

Companies in the U.S., however, fared much better in ransomware attacks than their European counterparts, the report said. These attacks hit European companies at a higher rate than the rest of the world. Companies and organizations located in the Czech Republic (0.17 percent), Italy (0.14 percent), Hungary (0.14 percent), and Spain (0.14 percent) saw the largest amount of ransomware encounters, the report said. But, Japan (0.012 percent), China (0.014 percent) and the U.S. (0.02 percent) were hit at the lowest rate, it said. 

Although Microsoft said in a recent blog that it invests $1 billion annually on cybersecurity, it and other industry partners may need to spend more if cloud-based and ransomware attacks continue to rain down.  

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.