Hackread reports that misconfigurations in cloud services, including the "any/any" configuration permitted by more than 40% of networks, have been increasingly exploited by threat actors to distribute malicious payloads. Amazon Web Services S3 storage has been leveraged for the deployment of both the XWorm and Remcos remote access trojans, according to a Veriti Research study. Malware operators have also abused cloud providers for command-and-control (C2), with AWS tapped by the Havoc malware and NetSupport Manager RAT; Microsoft Azure used by the HookBot and Mythic payloads; Google Cloud utilized by Caldera and Unam Miner; and Alibaba Cloud abused by Pupy RAT and Brute Ratel. Veriti researchers also noted advanced persistent threat groups' mounting use of Sliver C2 for more covert intrusions. Such findings "emphasize the critical need for organizations to rethink cloud security strategies. The increasing abuse of cloud services for malware hosting, C2 operations, and exploitation calls for a proactive, security-first approach," said Veriti researchers.
Misconfigured cloud services leveraged for malware deployment
