The Growing Threat Of Malware Concealed Behind Cloud Services
Fortinet News, Tuesday, June 25th, 2024
Cybersecurity threats are increasingly leveraging cloud services to store, distribute, and establish command and control (C2) servers, such as VCRUMS stored on AWS or SYK Crypter distributed via DriveHQ.
This shift in strategy presents significant challenges for detection and prevention, as cloud services provide scalability, anonymity, and resilience that traditional hosting methods lack.
Over the past month, FortiGuard Labs has been monitoring botnets that have adopted this strategy, abusing cloud services to enhance their malicious capabilities. These botnets, such as UNSTABLE and Condi, have been observed leveraging cloud storage and computing services operators to distribute malware payloads and updates to a broad range of devices. Using cloud servers for C2 operations ensures persistent communication with compromised devices, making it harder for defenders to disrupt an attack. We have also observed a threat actor exploiting multiple vulnerabilities to target JAWS webservers, Dasan GPON home routers, Huawei HG532 routers, TP-Link Archer AX21, and Ivanti Connect Secure to amplify their attacks.