Data stolen using public cloud infrastructure

Dirk Schrader, Global VP of Security at Netwrix has provided the following comment outlining how this malware works, who is in danger, detection tips as well as preventative measures.

“An ongoing malware campaign recently documented by Cisco’s Talos Group, abuses the public cloud infrastructures of the likes of Amazon’s AWS and Microsoft’s Azure cloud services. This ‘activity’ means that threat actors are moving towards a fully dynamic attack infrastructure with the intention to circumvent initial distribution and access detection in ways unseen so far. Cybersecurity professionals are calling for Microsoft and Amazon to step up protections from misused public cloud instances in their possession. This could only slow down the attackers as they will turn to hijacked infrastructure. Attackers distributing malware using phishing emails with malicious attachments is nothing new. Once the attachment in the phishing email is opened, the second stage of a malware campaign is to ‘get in’.

“While previous campaigns have been successfully thwarted at this stage, this one comes with a couple of new tricks. First of all, usage of a public cloud instances makes it difficult to dissect the malicious traffic from legitimate IP traffic to those cloud providers and solution providers using them. Moreover, this time the attackers also run a dynamic domain name scheme that is designed to render DNS based filters useless.

“Almost every organisation is at risk of being targeted by this kind of campaign, even if the one analysed by Talos seems to focus on North America, Singapore and Italy. It might be just a question of the wording and language used in the phishing emails being more successful in the affected regions. As the usual prevention methods are diminished with this campaign, organisations need to improve their abilities to detect the activity of attacker that happen in the third stage of a malware attack: ‘get ready’.

“Talos’ analysis describes in detail the methods used to connect to the cloud instances and download additional resources from them. That resource, known as remote access trojan, RATs, namely NanoCore, NetWire or AsyncRAT is downloaded using Powershell commands, which marks the first detection point to keep an eye on. Any use of Powershell by a regular user should be monitored, if not disabled by group policy security settings. If such activity is detected, an organisation can execute on pre-defined remediation steps like roll backs or it can quarantine the affected system to prevent further spread. Should that not be in place, the following downloads and change in registry setting related to those RAT malware strains can be detected using a file integrity monitoring solution.

“This campaign also shows an initial confirmation of one of our team’s highlighted cyber security trends for 2022 that attackers will use hijacked infrastructure like unmanaged devices in home networks, being much easier to infect with malicious software than a professionally secured enterprise IT environment. With processing power and bandwidth connectivity in residences increasing, home networks will become more attractive to bad actors. For example, by infecting many devices, they will be able to change IP addresses or even domain names dynamically during malware campaigns, thwarting common defences like IP blocking and DNS filtering. IT teams should keep this new threat vector in mind when reviewing their security strategies and incident response plans as described above. Moreover, the IT industry should seek to increase user awareness and best practices adoption to reduce the number of ‘easy victims’.”

 

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: [email protected]

Georgina Turner image

Georgina Turner

Sales Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Graphic displaying a lockdown solution

Netgenium debuts next gen display and touchscreen technologies

Power-over-Ethernet (PoE) solutions specialist Netgenium will be showcasing its new range of IP…

ICT® Launches New TSL Access Reader Series

Integrated Control Technology (ICT®), a leading manufacturer of intelligent access control and…
Image Provided by Paxton

Paxton Partners with Skills for Security

The security technology manufacturer Paxton is proud to announce a partnership with Skills for Security…
Image Provided by ICT

ICT and Ingram Micro sign distribution agreement MEA

Integrated Control Technology (ICT), award-winning global manufacturer of intelligent electronic access control and security solutions..
Image Provided by Toshiba

Toshiba launches new HDD Innovation Lab

Toshiba Electronics Europe GmbH (Toshiba) has inaugurated a new HDD Innovation Laboratory (HDD Innovation Lab) at its site in Düsseldorf..
Image Provided by Verkada

Verkada Doubles Down on the Channel with Strategic New Hire

Verkada, a leader in cloud-based physical security, today announced the appointment of Micah Deriso as Head of Global Channel…
Image Provided by IPSA

IPSA Appoint Frontline Hero as Ambassador

Abdullah, the courageous security officer praised for foiling a horrific knife attack at Leicester Square, has been appointed as…
Image Provided by Codelocks

New Surface Latch from Codelocks

Codelocks is expanding its Gate Solutions by Codelocks range with the introduction of the new Codelocks’ Surface Latch…
Image provided by Genetec

Nicholas Smith to Lead Genetec UK and Ireland Operations

Genetec, provider of enterprise physical security software, announced the appointment of Nicholas Smith as its new Regional Sales Director…

News Desk

View all the latest, product, project and people news

News Desk

Click Here

Technology News

Keep up-to-date with the latest product innovation

Technology News

Click Here

Industry Sectors

Discover technology in action in all applications

Industry Sectors

Click Here

Enter The Awards

Showcase personal or organisation excellence

Advertise With Us

Reach decision makers and amplify your marketing

Advertise With Us

Click Here
Scroll to Top