In a recent report by the Insikt Group, security researchers describe how cybercriminals are increasingly routing their malicious traffic through popular cloud storage platforms. Blending in with legitimate service traffic lets them bypass advanced security controls and evade detection while carrying out their operations.
Hiding malicious traffic on cloud storage platforms is not a new concept, but threat actors are now shifting towards this method to exfiltrate data more efficiently and to undermine security defenses. Advanced Persistent Threat (APT) groups lead the way in exploiting this approach, followed by less sophisticated groups. This highlights the need for robust and adaptable defense strategies to mitigate these evolving attacks.
The report also suggests a rising trend in the abuse of legitimate internet services (LIS) by threat actors, although limited public reporting makes precise trend analysis difficult. Researchers have identified several indicators of this trend, including well-known malware families adopting LIS, new strains that use LIS from the outset, and APT innovation. By shifting their tactics in this way, cybercriminals evade IOC-based blocking and render basic detections less effective.
To develop an effective defense system against this type of cyber threat, security experts recommend implementing a multi-method approach that includes network, file, and log detection. Proactive assessment of internet services and conducting attack simulations are also crucial for staying ahead of cybercriminals.
In their analysis of more than 400 malware families, the analysts found that 25% of them used LIS, with 68.5% of those using more than one LIS and infostealers accounting for 37%. Among the most abused cloud platforms are Google Drive and OneDrive, while popular messaging apps such as WhatsApp and Telegram are also frequently abused.
To achieve comprehensive detection, defenders need to understand both legitimate and malicious usage of each service. That knowledge allows for nuanced detection and the ability to flag malicious LIS usage without drowning in alerts on ordinary business traffic.
To combat this evolving cyber threat, the report provides several recommendations. It emphasizes the importance of understanding service contexts for lasting security and enhancing nuanced detection capabilities. Implementing Transport Layer Security (TLS) interception can provide visibility into encrypted traffic and help identify malicious LIS usage. Additionally, deploying proactive threat-hunting techniques can help organizations identify and mitigate potential threats before they cause significant damage.
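As an added illustration (not code from the Insikt report), the following Python script applies the baseline-versus-anomaly idea to constructed proxy log lines: it records which LIS each host used during a baseline day and then flags later LIS requests that come from non-browser clients, go to a service the host never used before, or carry an unusually large upload. The domain list, log fields and the 10 MiB upload threshold are assumptions.

```python
# Added example: contrast each host's baseline LIS usage with later activity.
# Log format, LIS domain list and thresholds are assumptions, not from the report.
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample proxy logs: timestamp,host,user_agent,method,domain,bytes_out
PROXY_LOG = """\
2024-05-01T09:00:00,ws-01,Mozilla/5.0 Chrome/124,GET,drive.google.com,512
2024-05-01T09:05:00,ws-01,Mozilla/5.0 Chrome/124,POST,drive.google.com,20480
2024-05-01T09:10:00,ws-02,Mozilla/5.0 Edge/124,GET,onedrive.live.com,1024
2024-05-02T02:13:00,ws-02,python-requests/2.31,POST,api.telegram.org,4096
2024-05-02T02:15:00,ws-01,,POST,drive.google.com,52428800
"""

LIS_DOMAINS = {"drive.google.com", "onedrive.live.com", "api.telegram.org"}
BROWSER_MARKERS = ("Mozilla/", "Chrome/", "Edge/", "Safari/")
UPLOAD_THRESHOLD = 10 * 1024 * 1024  # 10 MiB per request (assumed threshold)

def parse_log(text):
    """Parse the constructed CSV format into dicts with an integer byte count."""
    fields = ["ts", "host", "ua", "method", "domain", "bytes_out"]
    rows = list(csv.DictReader(StringIO(text), fieldnames=fields))
    for r in rows:
        r["bytes_out"] = int(r["bytes_out"])
    return rows

def find_suspicious(rows, baseline_day="2024-05-01"):
    """Return (host, domain, reasons) for LIS requests that deviate from baseline."""
    baseline = defaultdict(set)  # host -> LIS domains seen during the baseline day
    for r in rows:
        if r["domain"] in LIS_DOMAINS and r["ts"].startswith(baseline_day):
            baseline[r["host"]].add(r["domain"])
    alerts = []
    for r in rows:
        if r["domain"] not in LIS_DOMAINS or r["ts"].startswith(baseline_day):
            continue  # only post-baseline traffic to LIS is scored
        reasons = []
        if not any(m in r["ua"] for m in BROWSER_MARKERS):
            reasons.append("non-browser user agent")
        if r["domain"] not in baseline[r["host"]]:
            reasons.append("service never used by this host in baseline")
        if r["method"] == "POST" and r["bytes_out"] >= UPLOAD_THRESHOLD:
            reasons.append("large upload")
        if reasons:
            alerts.append((r["host"], r["domain"], "; ".join(reasons)))
    return alerts
```

On the sample data this flags the scripted Telegram API call from ws-02 and the 50 MiB upload to Google Drive from ws-01 with an empty user agent, while the browser-driven baseline traffic stays silent.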
As cybercriminals continue to exploit cloud storage platforms and other legitimate internet services, organizations must remain vigilant and adopt comprehensive defense strategies. Staying informed about the latest trends and developments in cybersecurity is crucial. By following reputable sources on Google News, LinkedIn, Twitter, and Facebook, individuals and businesses can keep up with the latest cyber threats and take appropriate measures to protect their systems and data.