Malware Campaigns use Public Cloud Infrastructures
Cloud Infrastructures have been gaining considerable momentum in attracting and hosting applications and services. They are especially suited for startups and sizing. Applications can be rolled-out faster than setting-up a native infrastructure.
Nevertheless, the ease by which one can setup a legitimate operation can be used for illicit purposes as well!
Cisco Talos Intelligence reports that Threat actors are increasingly using cloud technologies to achieve their objectives, without having to resort to hosting their own infrastructure. Various cloud services like Azure and AWS allow attackers to set up their infrastructure fast and connect to the internet with minimal time or monetary commitments. It also makes it more difficult for defenders to track down the attackers’ operations. Remember that Cloud Services are situated exactly where their name implies : In the Cloud!
The threat actor in the cases analyzed by Talos used cloud services to deploy and deliver variants of commodity RATs with information stealing capability (on or around Oct. 26, 2021). These variants of Remote Administration Tools (RATs) are packed with multiple features to take control of the victim’s environment and to execute arbitrary commands remotely.
The end result would be that attackers can eventually steal the victim’s information.
http://blog.talosintelligence.com/2022/01/nanocore-netwire-and-asyncrat-spreading.html
Organizations should be vigilant in inspecting outgoing connections to cloud computing services and watch for malicious inbound/outbound traffic.
Malware photo created by DCStudio – www.freepik.com