Amazon Web Services (AWS) and Azure are the biggest names among cloud service providers. Both have exquisite features tailored to the requirements of businesses, regardless of vertical and size. Cloud computing technology has been widely adopted by IT companies, especially in the software industry, as part of the shift of data and programs from traditional desktop PCs to compute clouds.
The number of cloud computing providers is increasing like never before, and so are the malicious threats that use these cloud computing services. The internet is saturated with news of malicious cloud-based campaigns. Recently, AWS and Azure cloud services have been widely misused by cybercriminals to get unauthorized access to files and to conduct remote surveillance. Commercial remote access trojans such as AsyncRAT, Nanocore and Netwire have been widely used to perform an array of malicious activities on the cloud.
Cyber threats using Remote Access Trojans
Cybercriminals have been using Azure as well as AWS services to perform malicious activities by deploying three commercial Remote Access Trojans (RATs). Tracking down these attackers' operations is arduous because prominent cloud vendors such as Azure and AWS allow attackers to establish their own infrastructure. A phishing email is the most common way to trigger these scripts.
If someone in the organization opens a file that loads a trojan through a VBScript or Windows batch file, the trojan can adversely affect the organization. Most of the time, the code is obfuscated and loaded by a downloader. Another script used is HCrypt, along with various payload hosts, to conduct perilous activities. The HTTP servers are configured to allow access to open directories that contain these commercial trojans.
All these malicious activities and their consequences were discovered by the intelligence company Cisco Talos. By exploiting these cloud platforms, hackers can operate on the internet without much effort or cost, because they use the cloud as a platform to deploy and deliver variants of Remote Access Trojans. Azure cloud consulting companies also found that malicious subdomains have been widely used in Azure to resolve to the servers that deliver the RAT payloads.
What can we do?
AWS cloud consulting companies are vigilant so that such damage does not occur to their clientele. They relentlessly implement strategies to counteract the efforts of cybercriminals. Examples include monitoring the amount of traffic to the organization and creating intricate script execution policies on their endpoints. Organizations are also advised to secure their email in order to break these deadly chains as early as possible.
Dynamic DNS has been widely used because these cloud operations have no static IP address. The attackers are fully equipped to set up their own infrastructure to conduct these activities. As a business owner, you need a multi-layered, robust security system to detect and identify these malicious threats. As stated above, strict script policies, traffic monitoring and multi-layered security can be a real help in warding off attacks from cybercriminals using these Remote Access Trojans.
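
The traffic-monitoring advice above can be applied to DNS resolver logs by flagging internal hosts that repeatedly look up dynamic DNS hostnames. The following Python is an added example, not part of the original article: the log format, the sample lines and the watchlist of dynamic DNS zones are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: a small watchlist of dynamic DNS provider zones. The article
# names no providers; extend this from your own threat intelligence.
DDNS_ZONES = {"duckdns.org", "ddns.net", "hopto.org"}

# Constructed sample resolver log: "<timestamp> <client_ip> <query_name>"
SAMPLE_LOG = """\
2022-01-12T09:00:01Z 10.0.4.17 updates.example.com.
2022-01-12T09:00:05Z 10.0.4.17 host-a.DuckDNS.org.
2022-01-12T09:05:05Z 10.0.4.17 host-a.duckdns.org
2022-01-12T09:10:05Z 10.0.4.17 host-a.duckdns.org
2022-01-12T09:02:11Z 10.0.4.23 notduckdns.org
2022-01-12T09:03:40Z 10.0.4.23 duckdns.org.cdn.example.net
2022-01-12T09:04:02Z 10.0.4.31 home-cam.ddns.net
malformed line
"""

def ddns_zone(qname):
    """Return the watchlisted zone that qname falls under, or None."""
    labels = qname.strip().rstrip(".").lower().split(".")
    # Compare whole-label suffixes only, so "notduckdns.org" and
    # "duckdns.org.cdn.example.net" are not treated as matches.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in DDNS_ZONES:
            return candidate
    return None

def find_ddns_clients(log_text, min_queries=3):
    """Map client -> {hostname: count} for clients that looked up one
    dynamic DNS hostname at least min_queries times (worth triaging)."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records instead of failing
        _, client, qname = parts
        if ddns_zone(qname):
            counts[client][qname.rstrip(".").lower()] += 1
    return {
        client: {h: n for h, n in hosts.items() if n >= min_queries}
        for client, hosts in counts.items()
        if any(n >= min_queries for n in hosts.values())
    }

if __name__ == "__main__":
    for client, hosts in find_ddns_clients(SAMPLE_LOG).items():
        print(client, hosts)
```

A hit is a lead for triage, not proof of infection, since dynamic DNS also has legitimate uses such as home lab or camera access.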