Hackers are using cloud services offered by companies like Amazon and Microsoft to successfully distribute malware, such as remote access Trojans known as Nanocore, Netwire, and AsyncRAT, gaining access to systems and compromising information. Read all about this new method in this article.
Cloud services are the perfect tool for hackers
Using existing infrastructure is quickly becoming the preferred method for hackers, as they skip the part of having to create and maintain their own servers. In addition, by using other servers with the secure company seal, they can evade security controls, which gives them easy access to different systems and equipment.
Linked to this method is that popular platforms for chatting and sharing, such as Discord or Telegram, have found an infection chain whose purpose was to extract data from users’ computers and manage to command the systems. But now, they are not only using these platforms to spread malware, but they know that many users rely heavily on cloud services offered by different companies.
This has only generated great concern, but the pertinent corrective measures are already being taken. As Nick Biasini, head of outreach at Cisco Talos, points out: “There are several interesting aspects to this particular campaign, and it points to some of the things we commonly see used and abused by malicious actors.”
“From the use of cloud infrastructure to host malware to the abuse of dynamic DNS for command-and-control (C2) activities. Additionally, the layers of obfuscation point to the current state of criminal cyber activities, where it takes lots of analysis to get down to the final payload and intentions of the attack,” Biasini stated.
It all starts with a phishing email containing a zip file, which, when opened, starts an attack sequence that can affect a large part of the base system and the cloud service. Trojans, once installed, not only serve to give access to systems and, therefore, crucial information but can also be used for many more movements by attackers.
“Malicious actors are opportunistic and will always be looking for new and inventive ways to both host malware and infect victims,” Biasini said.
Definitely, no matter the technological advances, hackers will always be on the lookout to raise their movements. That is why, this time, those affected are cloud services. Who knows what the next targets of these cybercriminals will be? Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Facebook: Eagle Tech Corp
Instagram: @eagletech_corp
Twitter: @eagletechcorp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp
