HomeRisk ManagementsCyber Attackers Utilizing Cloud Services for Malware Deployment

Cyber Attackers Utilizing Cloud Services for Malware Deployment

Published on

spot_img

Malware operators have found a new way to conduct their malicious campaigns by turning to legitimate cloud services, as reported by cybersecurity firm Fortinet. In a recent publication, FortiGuard Labs, the research team of Fortinet, disclosed their findings on how threat actors are leveraging cloud services to enhance the capabilities of their malware.

Utilizing cloud servers for command and control (C2) operations allows threat actors to maintain persistent communication with compromised devices, increasing the difficulty for defenders to disrupt an attack. This transition to cloud-based operations signifies a significant evolution in the threat landscape, according to FortiGuard Labs.

Examples of this tactic include the use of remote access Trojans (RAT) like VCRUMS on Amazon Web Services (AWS) and crypters like SYK Crypter distributed via DriveHQ. Additionally, FortiGuard Labs identified a threat actor exploiting multiple vulnerabilities to target various devices such as JAWS webservers, Dasan GPON home routers, Huawei HG532 routers, TP-Link Archer AX21, and Ivanti Connect Secure to intensify their attacks.

In their report, FortiGuard Labs highlighted three malware strains that are currently leveraging cloud services to amplify their impact. One of these strains, named ‘Skibidi,’ exploits vulnerabilities in the TP-Link Archer AX21 Wi-Fi router and Ivanti Connect Secure products. Furthermore, FortiGuard Labs analyzed two botnets, Condi and Unstable, which target vulnerabilities in devices like TP-Link Archer and JAWS Webserver for DDoS attacks.

The operators of these malware strains rely on cloud C2 servers and cloud storage and computing services to distribute their payloads and updates efficiently across a wide range of devices. The flexibility and efficiency of cloud services have inadvertently provided cybercriminals with a new platform for their illicit activities.

As botnets and DDoS tools increasingly leverage cloud services, organizations are advised to enhance their cloud security defenses. Implementing a multi-layered security approach that includes regular patching, updates, and network segmentation is essential to isolate critical assets and mitigate potential breaches, as emphasized by the security researchers.

The evolution of malware operations to exploit cloud services underscores the need for continuous diligence in cybersecurity measures. By staying ahead of emerging threats and fortifying defenses, organizations can effectively safeguard their systems and data from malicious attacks.

Source link

Latest articles

The Evolving Role of the CISO as the Future CFO

The Pressing Question of Cybersecurity Assurance: Is the CISO Role Sustainable? In the fast-evolving landscape...

Why the Gentlemen Ransomware Challenges Identity and Recovery Controls

Emerging Threat: The Gentlemen Ransomware Group Targeting Enterprises Globally A recent report by cybersecurity firm...

Chinese Cyberespionage Targets University Roundcube Servers

Espionage Campaign Targets University Departments with Advanced Cyber Tactics A sophisticated cyber-espionage campaign has recently...

Visa Threat Platform Tackles Payment Fraud

Visa Launches Advanced Threat Intelligence Platform to Combat Payment Fraud In a significant move to...

More like this

The Evolving Role of the CISO as the Future CFO

The Pressing Question of Cybersecurity Assurance: Is the CISO Role Sustainable? In the fast-evolving landscape...

Why the Gentlemen Ransomware Challenges Identity and Recovery Controls

Emerging Threat: The Gentlemen Ransomware Group Targeting Enterprises Globally A recent report by cybersecurity firm...

Chinese Cyberespionage Targets University Roundcube Servers

Espionage Campaign Targets University Departments with Advanced Cyber Tactics A sophisticated cyber-espionage campaign has recently...