Hackers are increasingly reaping the benefits of the cloud
Cyber criminals bring the cloud to the dark web, making it easier to move stolen data
Security researchers have discovered that hackers are storing terabytes of internal business data and logins for popular providers including Amazon, Google, Twitter, Facebook and PayPal on underground cloud services.
According to a new Trend Micro report, the hackers sell the data on the dark web and deliver the data via access to the cloud logs. Robert McArdle, director of forward-looking threat research for Trend Micro, said in a blog post said this resulted in more stolen accounts being monetized and cut the weeks it usually takes for data to go from stolen to being used against an enterprise to just days or hours.
In a sample dataset of 1,000 logs, researchers identified a total of 67,712 URLs for compromised accounts. Threat actors can purchase access to these so-called “Cloud of Logs,” which can include thousands or millions of emails and passwords, for $350-$1000 per month.
Once a threat actor purchases access to the cloud-based logs of stolen data, they can use the information for secondary infection. For example, remote desktop protocol (RDP) credentials, which are included in these logs, are popular entry points for criminals targeting enterprises with ransomware.
Researchers added that storing terabytes of data in the cloud has a similar appeal for criminal businesses as it does for legitimate organizations. Cloud storage offers scalability and speed that provides more computing power and bandwidth to optimize operations.
According to the report, cyber criminals can streamline and accelerate attacks and potentially expand their number of targets. The result is optimized cybercrime by ensuring threat actors who specialize in specific areas - say cryptocurrency theft or e-commerce fraud - can access the data they need quickly, easily and relatively cheaply.
A guide to becoming cloud-native smart and secure
The transcendence of cloud-native application developmentDownload now
McArdle, added that criminal businesses would need data-mining specialists to reap the greatest possible return on each terabyte of stolen data.
“This role in the cybercriminal organization won’t be stealing credentials or monetizing them, but rather this person will sit in the middle of the organization separating the cuts of meat, if you will,” McArdle said. “An ideal candidate in this new cloud-driven business model will leverage machine learning to efficiently identify and bundle every data type that will be attractive to different buyers.”
What can your business do to combat this new, more advanced hacker? According to McArdle, hackers shifting to the cloud doesn’t change the basics of cyber security, but businesses must better prepare themselves to respond more quickly to combat these more agile hackers.
McArdle also recommends continued employee education about the importance of cyber security, including creating safe passwords and not falling victim to phishing attacks.
Consumer choice and the payment experience
A software provider's guide to getting, growing, and keeping customersDownload now
Prevent fraud and phishing attacks with DMARC
How to use domain-based message authentication, reporting, and conformance for email securityDownload now
Business in the new economy landscape
How we coped with 2020 and looking ahead to a brighter 2021Download now
How to increase cyber resilience within your organisation
Cyber resilience for dummiesDownload now