Security News

Phishers are creating Adobe Creative Cloud accounts and using them to send phishing emails capable of thwarting traditional checks and some advanced threat protection solutions, Avanan security researcher Jeremy Fuchs warns. This new wave of attacks started in December 2021 and exploits the fact that Adobe's apps are designed to foster collaboration by sharing documents.

Attackers are leveraging Adobe Creative Cloud to target Office 365 users with malicious links that appear to be coming legitimately from Cloud users but instead direct victims to a link that steals their credentials, researchers have discovered. Though attackers are primarily targeting Office 365 users - a favorite target among threat actors - researchers have seen them hit Gmail inboxes as well, Jeremy Fuchs, cybersecurity research analyst at Avanan, told Threatpost.

For threat actors, there is a simple calculus at play - namely, what method of attack is a) easiest and b) most likely to yield the biggest return? And the answer, at this moment, is Linux-based cloud infrastructure, which makes up 80%+ of the total cloud infrastructure. These attacks will undoubtedly continue into 2022, and potential targets must remain vigilant.

Cyberattackers are abusing Amazon Web Services and Azure Cloud services to deliver a trio of remote access trojans, researchers warned - all aimed at hoovering up sensitive information from target users. "When the initial script is executed on the victim's machine, it connects to a download server to download the next stage, which can be hosted on an Azure Cloud-based Windows server or an AWS EC2 instance."

Threat actors are actively incorporating public cloud services from Amazon and Microsoft into their malicious campaigns to deliver commodity remote access trojans such as Nanocore, Netwire, and AsyncRAT to siphon sensitive information from compromised systems. "From the use of cloud infrastructure to host malware to the abuse of dynamic DNS for command-and-control activities. Additionally, the layers of obfuscation point to the current state of criminal cyber activities, where it takes lots of analysis to get down to the final payload and intentions of the attack."

The campaign was first detected in October and is using services like AWS and Azure to hide its tracks and evade detection. Talos, Cisco's cybersecurity research arm, reports it has detected a new malware campaign that is using public cloud infrastructure to host and deliver variants of three remote access trojans while maintaining enough agility to avoid detection.

Netskope released research highlighting the continued growth of malware and other malicious payloads delivered by cloud applications. The year-over-year analysis identifies the top trends in cloud attacker activities and cloud data risks from 2021 as compared to 2020, and examines changes in the malware landscape throughout 2021, highlighting that attackers are achieving more success delivering malware payloads to their victims and offering advice for improving security posture in 2022.

Google Drive ended 2021 as the most abused cloud storage service for malware downloads, according to security provider Netskope. In its "January 2022 Cloud and Threat Report" released Tuesday, Netskope noted that cloud storage apps gained even greater adoption in 2021.

While some may opt for the increasingly popular cloud-as-a-service model, outsourcing their cloud access and resources to a third party, others are looking to private on-premises cloud solutions to mobilize their teams online. While an on-premises cloud solution might seem like an appealing way to get your team online while retaining full control and maximum security, is it really the best of both worlds? We'll get into that in a moment, but first let's outline what we mean by on-premises cloud and how it differs from regular cloud solutions.

There has been a lot of innovation that has sparked a new wave of technologies - from the boom in serverless technologies to the evolution of cloud automation security. These innovations have enabled organizations to improve business agility and reduce costs, but they've also increased the attack surface, as demonstrated by a recent IDC report, which highlights that 98% of organizations suffered at least one cloud security breach in the previous 18 months.