Attackers Misusing Cloud Services and CDNs to Spread Malware
A recent Netskope report highlights that attackers are increasingly using cloud services and content delivery networks (CDNs) to deliver malware. The report found that attackers host payloads on widely used cloud services and applications, and mask their post-infection activity by routing it over common network ports and through recognisable CDNs and cloud providers, where it blends in with legitimate traffic.
The Method of Attack
Once malware has infected a victim machine, it establishes a command-and-control (C2) channel back to attacker-controlled servers, which is then used to download additional payloads, execute commands and exfiltrate data. The report found this traffic being routed through IP addresses belonging to well-known CDNs and cloud service providers, including Amazon Web Services, Microsoft Azure, Akamai, Limelight and Cloudflare, among others. Because the destinations are shared, reputable infrastructure, filtering on destination IP, domain reputation or port alone does not distinguish the C2 traffic from ordinary use of those services.
The report shows that only a small percentage of web malware downloads came from sources conventionally treated as risky, such as newly registered domains and uncategorised sites. In Q1 2023, 72% of all malware downloads detected by Netskope were new (not previously seen samples), and much of it was delivered by abusing widely used services: OneDrive, SharePoint, Amazon S3 buckets, GitHub, Weebly, Dropbox, Google Drive, Box, Gmail and Azure Blob Storage, among others. In total, Netskope observed 261 distinct apps being used for malware downloads in Q1 2023.
The Abuse of Cloud Apps
Attackers also abuse cloud apps as a social-engineering lever: a download link from an app the victim already uses day to day (a OneDrive share, a Dropbox link, a GitHub release) looks routine, so victims are more readily enticed into fetching the payload. The Netskope team notes that this is becoming a popular approach among attackers.
Recommendation
Given the rise of malware delivered through cloud services and CDNs, enterprises should take precautionary measures to protect their systems. IT administrators should implement a zero-trust approach in which identity, device posture and context are verified before each access to a resource, rather than trusting a user once at login, and should monitor network traffic continuously to recognise malicious activity. Since the malicious downloads and C2 traffic described in the report travel over the same sanctioned apps, CDNs and standard ports as legitimate traffic, this monitoring has to look at content and behaviour (the file type actually being downloaded, unusual downloads from file-sharing links, periodic connections from a workstation to a single host) rather than relying on destination reputation or port. Access to risky and unsanctioned applications should be limited, and policy should distinguish corporate instances of an app from personal ones where the app supports it. IT administrators should also conduct regular security awareness training so users recognise that a link from a familiar cloud app is not in itself a sign of legitimacy.
Enterprises should also deploy endpoint and network controls such as anti-virus or endpoint protection software, firewalls and intrusion prevention systems to identify and block malicious activity, and maintain data encryption, tested backups and disaster-recovery plans to ensure business continuity and limit the damage in the event of a ransomware or other destructive attack.
Overall, enterprises need to adopt a proactive security posture and remain vigilant against emerging cyber threats to protect their systems and data.
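As a concrete illustration of the behaviour-based monitoring recommended above, the following Python script is an added example and not code from Netskope or the original article. It runs over a constructed proxy log (the `ts|src_ip|method|url|status|content_type|bytes` format, the hostnames, IP addresses and timestamps are all invented for the example) and applies two checks that do not depend on destination reputation: it flags executable-looking downloads served from cloud storage and collaboration apps of the kind the report lists, and it flags client/host pairs whose request timing is near-periodic, the pattern of malware polling a C2 endpoint behind a CDN address. The suffix list and thresholds are illustrative assumptions, not values from the report.

```python
"""Behaviour-based checks for cloud-hosted malware delivery and C2 beaconing.

Added example. Log format is constructed for this script:
    ts|src_ip|method|url|status|content_type|bytes
"""
import os
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlparse

# Hostname suffixes of cloud storage / collaboration apps of the kind the
# report names as abused for payload hosting. Illustrative, not exhaustive.
CLOUD_APP_SUFFIXES = (
    "onedrive.live.com", "sharepoint.com", "s3.amazonaws.com",
    "githubusercontent.com", "github.com", "weebly.com", "dropbox.com",
    "drive.google.com", "box.com", "blob.core.windows.net",
)

# Content types and extensions that a workstation should rarely pull from a
# file-sharing link. Assumed lists; tune to your environment.
EXECUTABLE_TYPES = {
    "application/x-msdownload", "application/x-dosexec",
    "application/x-msdos-program", "application/octet-stream",
    "application/x-ms-shortcut", "application/x-iso9660-image",
}
EXECUTABLE_EXTS = {".exe", ".dll", ".msi", ".scr", ".lnk", ".iso", ".js", ".vbs", ".hta"}


def parse_line(line):
    """Parse one constructed proxy log line into a dict."""
    ts, src_ip, method, url, status, ctype, nbytes = line.strip().split("|")
    return {
        "ts": datetime.fromisoformat(ts),
        "src_ip": src_ip,
        "method": method,
        "url": url,
        "host": (urlparse(url).hostname or "").lower(),
        "status": int(status),
        "ctype": ctype.split(";")[0].strip().lower(),
        "bytes": int(nbytes),
    }


def is_cloud_app(host):
    """True if host is one of the listed apps or a subdomain of one."""
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in CLOUD_APP_SUFFIXES)


def flag_cloud_payload_downloads(lines):
    """Return (src_ip, url, reason) for executable-looking downloads from cloud apps.

    Destination reputation is deliberately not consulted: these hosts are
    trusted by design, so only the content being fetched can give the game away.
    """
    findings = []
    for rec in map(parse_line, lines):
        if rec["method"] != "GET" or rec["status"] != 200 or not is_cloud_app(rec["host"]):
            continue
        ext = os.path.splitext(urlparse(rec["url"]).path)[1].lower()
        if rec["ctype"] in EXECUTABLE_TYPES:
            findings.append((rec["src_ip"], rec["url"], f"executable content-type {rec['ctype']}"))
        elif ext in EXECUTABLE_EXTS:
            findings.append((rec["src_ip"], rec["url"], f"executable extension {ext}"))
    return findings


def find_beacons(lines, min_hits=5, max_jitter=0.2):
    """Return (src_ip, host, mean_interval_s) for client/host pairs polled at a
    near-constant interval (coefficient of variation <= max_jitter).

    Periodic polling is visible regardless of which CDN or cloud IP fronts the
    C2 host, which is exactly what IP/port filtering misses.
    """
    by_pair = defaultdict(list)
    for rec in map(parse_line, lines):
        by_pair[(rec["src_ip"], rec["host"])].append(rec["ts"])
    beacons = []
    for (src_ip, host), stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons.append((src_ip, host, round(avg, 1)))
    return beacons


# Constructed sample log: one benign Office download from SharePoint, two
# payload fetches from cloud apps, a ~60 s poll from 10.0.0.5 to a CDN-fronted
# host, and irregular browsing from 10.0.0.9 that must not be flagged.
SAMPLE_LOG = [
    "2023-05-10T09:00:00|10.0.0.5|GET|https://contoso.sharepoint.com/sites/fin/Q1.xlsx|200|application/vnd.openxmlformats-officedocument.spreadsheetml.sheet|48213",
    "2023-05-10T09:01:12|10.0.0.5|GET|https://objects.githubusercontent.com/release-asset/12345/Invoice.exe|200|application/x-msdownload|734208",
    "2023-05-10T09:02:30|10.0.0.7|GET|https://onedrive.live.com/share/Scan.lnk|200|application/unknown|1420",
    "2023-05-10T09:05:00|10.0.0.5|GET|https://assets.example-cdn.net/api/ping|200|text/plain|12",
    "2023-05-10T09:06:01|10.0.0.5|GET|https://assets.example-cdn.net/api/ping|200|text/plain|12",
    "2023-05-10T09:07:00|10.0.0.5|GET|https://assets.example-cdn.net/api/ping|200|text/plain|12",
    "2023-05-10T09:08:02|10.0.0.5|GET|https://assets.example-cdn.net/api/ping|200|text/plain|12",
    "2023-05-10T09:08:59|10.0.0.5|GET|https://assets.example-cdn.net/api/ping|200|text/plain|12",
    "2023-05-10T09:10:00|10.0.0.5|GET|https://assets.example-cdn.net/api/ping|200|text/plain|12",
    "2023-05-10T09:00:05|10.0.0.9|GET|https://www.example.org/|200|text/html|5120",
    "2023-05-10T09:00:07|10.0.0.9|GET|https://www.example.org/news|200|text/html|7300",
    "2023-05-10T09:03:40|10.0.0.9|GET|https://www.example.org/about|200|text/html|2100",
    "2023-05-10T09:11:02|10.0.0.9|GET|https://www.example.org/contact|200|text/html|1800",
    "2023-05-10T09:11:03|10.0.0.9|GET|https://www.example.org/style.css|200|text/css|900",
]

if __name__ == "__main__":
    for finding in flag_cloud_payload_downloads(SAMPLE_LOG):
        print("DOWNLOAD", *finding)
    for beacon in find_beacons(SAMPLE_LOG):
        print("BEACON", *beacon)
```

On the sample log the download check reports the `Invoice.exe` fetch from GitHub (by content type) and the `Scan.lnk` fetch from OneDrive (by extension, since its content type is generic), while the SharePoint spreadsheet passes; the beacon check reports only the 10.0.0.5 polling of the CDN host at a 60 s mean interval, and the irregular browsing from 10.0.0.9 is left alone. In production the content-type check should run on the response body (TLS inspection or a proxy that sees the decrypted stream), because a `.lnk` renamed to `.pdf` will defeat the extension test.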