Unfortunately, CSA notes that phishing, fraud and exploitation of software vulnerabilities still produce results. With access to credentials and, subsequently, cloud accounts via these measures, your account or service instances may become a new base for the attacker. Avoid sharing of account credentials among users and services, and leverage two-factor authentication when possible, CSA recommends.