Security Market Segment LS
Friday, 15 March 2019 12:04

China, Nigeria major sources of cloud application attacks: report Featured

China, Nigeria major sources of cloud application attacks: report Image courtesy of Stuart Miles at

China was the second most prevalent country of origin, behind Nigeria, for cloud application attacks originating in the first quarter of 2019, with 26% of global attacks coming from Chinese IP addresses, according to a newly released security report.

The quarterly report from cyber security and compliance company Proofpoint reveals that overall cloud application attack attempts aimed at global organisations increased by 65% during that time period, with 40% originating in Nigeria.

Proofpoint released its report after examining more than 100,000 cloud application attacks aimed at global organisations between September 2018 and February 2019.

According to Proofpoint, cloud application attacks use intelligence driven brute-force techniques (to crack passwords) and sophisticated phishing methods to lure victims into clicking and revealing their authentication credentials to break into cloud applications including Microsoft Office 365 and Google G Suite.

“If successful, attackers often increase their foothold in organisations by spreading laterally through internal phishing messages to infect additional users, access confidential information, and fraudulently route funds,” Proofpoint warns.

“As organisations continue to move their mission-critical business functions to the cloud, cyber criminals are taking advantage of legacy protocols that leave individuals vulnerable when using cloud applications,” said Ryan Kalember, executive vice-president of Cyber Security Strategy for Proofpoint.

“These attacks are laser-focused on specific individuals, rather than infrastructure, and continue to grow in sophistication and scope. As a best practice, we recommend that organisations establish a cloud-first approach to security that prioritises protecting employees and educates users to identify and report these advanced techniques and methods.”

Proofpoint reports that it found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts. “This industry, and students especially, are highly vulnerable due to their remote nature,” Proofpoint notes.

Brute-force cloud app attack findings reported by Proofpoint were:

  • IMAP-based password spraying attacks are the most popular and extensive technique used to compromise Microsoft Office 365 accounts. These attacks occur when cyber criminals attempt common or recently leaked credentials across many different accounts at the same time.
  • Most brute-force attacks originated in China (53%), followed by Brazil (39%), and the US (31%).
  • Over 25% of examined Office 365 tenants experienced unauthorised logins and over 60% were actively targeted. Overall, the success ratio in Q1 2019 was 44%

Phishing cloud app attack findings

  • Most phishing cloud app attacks originate from Nigeria (63%), followed by South Africa (21%), and the US via VPNs (11%).
  • Attackers will often modify email forwarding rules or set email delegations to maintain access. They will also use conspicuous VPN services to bypass conditional access and geolocation-based authentication.


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Peter Dinham

Peter Dinham is a co-founder of iTWire and a 35-year veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).



Recent Comments