Hackers are increasingly reaping the benefits of the cloud

Cyber criminals bring the cloud to the dark web, making it easier to move stolen data

Person types on laptop in the dark

Security researchers have discovered that hackers are storing terabytes of internal business data and logins for popular providers including Amazon, Google, Twitter, Facebook and PayPal on underground cloud services.

According to a new Trend Micro report, the hackers sell the data on the dark web and deliver the data via access to the cloud logs. Robert McArdle, director of forward-looking threat research for Trend Micro, said in a blog post said this resulted in more stolen accounts being monetized and cut the weeks it usually takes for data to go from stolen to being used against an enterprise to just days or hours.

In a sample dataset of 1,000 logs, researchers identified a total of 67,712 URLs for compromised accounts. Threat actors can purchase access to these so-called “Cloud of Logs,” which can include thousands or millions of emails and passwords, for $350-$1000 per month.

Once a threat actor purchases access to the cloud-based logs of stolen data, they can use the information for secondary infection. For example, remote desktop protocol (RDP) credentials, which are included in these logs, are popular entry points for criminals targeting enterprises with ransomware

Researchers added that storing terabytes of data in the cloud has a similar appeal for criminal businesses as it does for legitimate organizations. Cloud storage offers scalability and speed that provides more computing power and bandwidth to optimize operations. 

According to the report, cyber criminals can streamline and accelerate attacks and potentially expand their number of targets. The result is optimized cybercrime by ensuring threat actors who specialize in specific areas - say cryptocurrency theft or e-commerce fraud - can access the data they need quickly, easily and relatively cheaply.

Related Resource

A guide to becoming cloud-native smart and secure

The transcendence of cloud-native application development

Download now

McArdle, added that criminal businesses would need data-mining specialists to reap the greatest possible return on each terabyte of stolen data. 

“This role in the cybercriminal organization won’t be stealing credentials or monetizing them, but rather this person will sit in the middle of the organization separating the cuts of meat, if you will,” McArdle said. “An ideal candidate in this new cloud-driven business model will leverage machine learning to efficiently identify and bundle every data type that will be attractive to different buyers.”

What can your business do to combat this new, more advanced hacker? According to McArdle, hackers shifting to the cloud doesn’t change the basics of cyber security, but businesses must better prepare themselves to respond more quickly to combat these more agile hackers. 

McArdle also recommends continued employee education about the importance of cyber security, including creating safe passwords and not falling victim to phishing attacks.  

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Report: Security staff excluded from app development
cyber security

Report: Security staff excluded from app development

20 Jan 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

20 Jan 2021
SolarWinds hackers hit Malwarebytes through Microsoft exploit
hacking

SolarWinds hackers hit Malwarebytes through Microsoft exploit

20 Jan 2021
FBI warns of ongoing corporate vishing attacks
phishing

FBI warns of ongoing corporate vishing attacks

19 Jan 2021

Most Popular

IT retailer faces €10.4m GDPR fine for employee surveillance
General Data Protection Regulation (GDPR)

IT retailer faces €10.4m GDPR fine for employee surveillance

18 Jan 2021
Citrix buys Slack competitor Wrike in record $2.25bn deal
collaboration

Citrix buys Slack competitor Wrike in record $2.25bn deal

19 Jan 2021
Should IT departments call time on WhatsApp?
communications

Should IT departments call time on WhatsApp?

15 Jan 2021