Hackers Use Public Cloud Features to Breach, Persist In Business Networks

GlobalDots

24th August, 2018 2 Min read

Attackers are abusing the characteristics of cloud services to launch and hide their activity as they traverse target networks.

A new body of evidence indicates threat actors are using increasingly advanced techniques to target unsecured cloud users and leveraging features common to public cloud platforms to conceal activity as they breach and persist in target networks.

Data comes from the Threat Stack security team, which spotted the pattern over multiple years of observing behavior on client networks. It was in 2016 when they noticed attacks leveraging Amazon Web Services (AWS) were becoming more sophisticated, says CSO Sam Bisbee. The trend picked up in 2017.

The problem, the team notes, is not with AWS but with the way attackers are maliciously using it.

In simpler attacks, actors typically steal AWS keys and seek direct paths to resources stored in open S3 buckets, or they launch a new Amazon Elastic Compute Cloud (EC2) to mine cryptocurrency. Sometimes they don’t have to look far: Misconfigured S3 buckets made a number of headlines in the past couple of years. Amazon emphasizes S3 buckets are secured by default; it also launched Macie to protect AWS S3 data and provides free bucket checks via Trusted Advisor.

Advanced attacks start with credential theft, which Bisbee says is the most common initial entry point. An attacker can steal access keys or credentials via phishing attacks, deploying malware that picks up usernames and passwords, and snatching data from a Github repository where a developer may have accidentally uploaded his information.

Credentials secured, the next step is to figure out what level of permissions can be attained. If an actor realizes he doesn’t have what he needs, he may attempt to create additional roles or credentials in AWS and then launch a new EC2 instance inside the target environment. However, the stolen credentials must have access to IAM to create new roles, which AWS does not allow by default.

Image Source

Latest Articles

FinOps

Cut Big Data Costs by 23%: 7 Key Practices

In this webinar, we reveal a solution that cuts big data costs by 23% and enhances system efficiency - without changing a single line of code. We’ll also explore 7 key practices that will free your engineers to process and analyze data at the pace and scale they need - and ensure they never lose control of the process.

Developer AXE-WEB

15th April, 2024

Cloud Cost Optimization FinOps

Cloud Cost Optimization: The Definitive Guide to Reduce Cloud Spend

The move to the cloud has enabled tech leaders to modernize their infrastructure and improve application availability, scalability, and performance.

Yaniv Cohen Cloud Engineer @ GlobalDots

31st March, 2024

Cloud Cost Optimization FinOps

Project FOCUS: A New Age of FinOps Visibility

It’s easy for managers and team leaders to get caught up in the cultural scrum of FinOps. Hobbling many FinOps projects, however, is a lack of on-the-ground support for the DevOps teams that are having to drive this widespread change – this is how all too many FinOps projects become abandoned on the meeting room […]

Nesh (Steven Puddephatt) Senior Solutions Engineer @ GlobalDots

27th March, 2024

Cloud Cost Optimization FinOps

Optimize Your Cloud Spend with a FinOps Maturity Assessment

Achieving FinOps is a tall order: it demands a degree of organizational self-awareness that some companies are constantly battling for. Consider the predicament that many teams find themselves in: while their cloud environments may contain a number of small things that could be optimized, there are no single glaring mistakes that are consuming massive quantities […]

Nesh (Steven Puddephatt) Senior Solutions Engineer @ GlobalDots

27th March, 2024

Back to Resources

Unlock Your Cloud Potential