Remote Access Trojans target Public Cloud Infrastructure

January 19, 2022
  • It does seem these days, especially if you have been following Cloud Security Podcast and Cloud Security News, that many things are migrating to the cloud, and so are the threat actors. Cisco Talos researchers shared in a blog last week that a trio of remote access Trojans (RATs), Nanocore, Netwire and AsyncRAT, are being spread in a campaign that taps public cloud infrastructure and is primarily aimed at victims in the U.S., Italy and Singapore. According to the blog, “Threat actors are increasingly using cloud technologies to achieve their objectives without having to resort to hosting their own infrastructure,” and “cloud services like Azure and AWS allow attackers to set up their infrastructure and connect to the internet with minimal time or monetary commitments. It also makes it more difficult for defenders to track down the attackers’ operations.” The initial infection vector is primarily a phishing email with a malicious Zip file attachment. The researchers rightly point out that “Despite being one of the oldest infection vectors, email is still an important infection path which needs to be protected” and urge organizations to deploy comprehensive, multi-layered security controls to detect similar threats and safeguard their assets. According to the blog, “Defenders should monitor traffic to their organization and implement robust rules around the script execution policies on their endpoints. It is even more important for organizations to improve email security to detect and mitigate malicious email messages and break the infection chain as early as possible.” Read more about this here.
  • Whilst that was a friendly reminder about securing our email pathways, Netskope also released a blog last week about malware. Interestingly, their research, which surveyed millions of users worldwide from January 1, 2020 to November 30, 2021, found that cloud-delivered malware is now more prevalent than web-delivered malware, accounting for 66%, up from 46% last year. They also found that Google Drive is the top app for malware downloads and that cloud-delivered malware via Microsoft Office nearly doubled from 2020 to 2021. “The increasing popularity of cloud apps has given rise to three types of abuse – attackers trying to gain access to victim cloud apps, attackers abusing cloud apps to deliver malware, and insiders using cloud apps for data exfiltration,” said Ray Canzanese, Threat Research Director of Netskope Threat Labs. “The report serves as a reminder that the same apps that you use for legitimate purposes will be attacked and abused. Locking down cloud apps can help to prevent attackers from infiltrating them, while scanning for incoming threats and outgoing data can help block malware downloads and data exfiltration.” Read the report here.
  • Now, from protecting your emails to protecting your cloud apps, there is plenty to do in the world of cloud security for organisations. One thing you wouldn't have to worry about is a vulnerability in AWS's CloudFormation service that was discovered and shared by Orca Security, whom we have covered in previous episodes of Cloud Security News with respect to the funding they raised last year and their commentary on cloud security. They claim that this vulnerability could have been used to leak sensitive files found on the vulnerable service machine and to make server-side requests (SSRF) that could lead to the unauthorized disclosure of credentials of internal AWS infrastructure services. Orca Security confirmed that AWS fully mitigated the issue within 6 days of their submission. If you want to know more about their discovery, you can read it here.
  • In other news, “the US government is reportedly reviewing the cloud computing arm of Chinese ecommerce giant Alibaba to determine whether or not it poses a risk to national security.” As reported by Reuters, the Biden administration launched the probe to find out more about how Alibaba Cloud stores the data of US clients, including personal information and intellectual property, and to see if the Chinese government could gain access to it. “Alibaba’s U.S. cloud business is small, with annual revenue of less than an estimated $50 million, according to research firm Gartner Inc.” You can read Reuters' report here.
  • If you use Sysdig's platform, you will be pleased to know that Sysdig, recently valued at 2.5 billion, has expanded its cloud security offering to Azure as well. They were already providing cloud security services for AWS and Google Cloud. If you are not familiar with them, they offer continuous cloud security and compliance controls together with their existing vulnerability management, compliance, and threat detection for containers and Kubernetes. This new offering enables organizations to automatically discover assets with configuration drift or suspicious activity and to flag cloud misconfigurations and compliance violations. You can find out more about them here.
  • Last season we covered quite a few cloud security companies that were doing exciting things in the world of cloud security and securing significant funding and valuations. Joining their ranks, 2022 has started with Permiso, a Palo Alto-based startup that provides cloud identity detection and response for cloud infrastructures, launching from stealth with $10 million in seed funding. Permiso claims to provide organizations with visibility into the identities in their cloud infrastructure, giving real-time insight into who is in the environment and what they are doing. You can find out more about them here. Eureka, a Tel Aviv-based startup that provides enterprises with tools to manage security risks across their various data stores, has also raised an $8 million seed round led by YL Ventures. The company says: “The idea behind Eureka then is to give these businesses insights into all the cloud data stores that are connected to their systems and help them manage access policies and discover configuration issues and policy violations. While many organizations have clear ideas about how they think about data protection, implementing those policies across different data stores, all with their own settings and capabilities, is often a challenge.” You can find out more about them here.
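The Talos item above boils down to two defensive controls: break the infection chain at the mail gateway by inspecting Zip attachments before they reach a user, and treat script content on endpoints with suspicion. The following is an added example, written for this summary and not code from Cisco Talos or from any of the vendors mentioned; it parses a raw email, pulls out Zip attachments and returns quarantine reasons for archive members that are scripts or executables, that hide a script behind a document-style double extension, that are nested archives, or that are encrypted and so cannot be inspected at all. The sample message, the sender and recipient addresses and the archive contents are all constructed for the demonstration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Member extensions a mail gateway should treat as script or executable content
# rather than as documents. Assumption: this list reflects common gateway policy,
# not a list published with the Talos research.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".ps1", ".bat",
                     ".cmd", ".exe", ".scr", ".hta", ".lnk"}
# Archives inside archives defeat single-level inspection, so flag them too.
ARCHIVE_EXTENSIONS = {".zip", ".7z", ".rar", ".iso"}


def scan_zip(zip_bytes: bytes) -> list[str]:
    """Return reasons to quarantine a zip attachment; an empty list means clean."""
    reasons: list[str] = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return ["attachment is not a valid zip archive"]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename.rsplit("/", 1)[-1]
            lower = name.lower()
            ext = lower[lower.rfind("."):] if "." in lower else ""
            if info.flag_bits & 0x1:
                # Bit 0 of the general-purpose flags marks an encrypted member.
                reasons.append(f"{name}: encrypted member cannot be inspected")
            elif ext in SCRIPT_EXTENSIONS:
                # e.g. Invoice.pdf.js: the visible "pdf" is meant to disguise a script.
                disguise = " (double extension)" if lower.count(".") >= 2 else ""
                reasons.append(f"{name}: script/executable content{disguise}")
            elif ext in ARCHIVE_EXTENSIONS:
                reasons.append(f"{name}: nested archive")
    return reasons


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Map each zip attachment filename in a raw RFC 5322 message to its quarantine reasons."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings: dict[str, list[str]] = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or "<unnamed>"
        if part.get_content_type() == "application/zip" or filename.lower().endswith(".zip"):
            findings[filename] = scan_zip(part.get_payload(decode=True))
    return findings


def build_sample_message() -> bytes:
    """Constructed sample: a phishing-style mail carrying a zip with a disguised script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Invoice_2022.pdf.js", "// constructed placeholder, not a real script\n")
        z.writestr("README.txt", "please see attached invoice\n")
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"      # constructed address
    msg["To"] = "finance@example.invalid"        # constructed address
    msg["Subject"] = "Outstanding invoice"
    msg.set_content("Please find the invoice attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Invoice_2022.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for attachment, reasons in scan_message(build_sample_message()).items():
        print(f"{attachment}: {'QUARANTINE' if reasons else 'allow'}")
        for reason in reasons:
            print("  -", reason)
```

In a real gateway this check sits in front of, not instead of, sandbox detonation and signature scanning: an extension check is cheap and catches the crude double-extension lure, while the "encrypted member" finding is what matters most, since password-protected archives are exactly the case where content inspection fails and the decision has to fall back to policy.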
