Partner content
3 ways attackers bypass cloud security
BLACK HAT EUROPE 2022 – London – CoinStomp. Watchdog. Denonia.
These cyberattack campaigns are among the most prolific threats today targeting cloud systems — and their ability to evade detection should serve as a cautionary tale of potential threats to come, a security researcher detailed here today.
“Recent cloud-focused malware campaigns have demonstrated that adversary groups have intimate knowledge of cloud technologies and their security mechanisms. And not only that, they are using that to their advantage,” said Matt Muir, threat intelligence engineer for Cado Security, who shared details on those three campaigns his team has studied.
While the three attack campaigns are all about cryptomining at this point, some of their techniques could be used for more nefarious purposes. And for the most part, these and other attacks Muir’s team has seen are exploiting misconfigured cloud settings and other mistakes. That for the most part means defending against them lands in the cloud customer camp, according to Muir.
“Realistically for these kinds of attacks, it has more to do with the user than the [cloud] service provider,” Muir tells Dark Reading. “They are very opportunistic. The majority of attacks we see have more to do with mistakes” by the cloud customer, he said.
Perhaps the most interesting development with these attacks is that they are now targeting serverless computing and containers, he said. “The ease of which cloud resources can be compromised has made the cloud an easy target,” he said in his presentation, “Real-World Detection Evasion Techniques in the Cloud.”
DoH, It’s a Cryptominer
Denonia malware targets AWS Lambda serverless environments in the cloud. “We believe it’s the first publicly disclosed malware sample to target serverless environments,” Muir said. While the campaign itself is about cryptomining, the attackers employ some advanced command and control methods that indicate they’re well-studied in cloud technology.
To read the complete article, visit Dark Reading.
