Cloud Services Being Used to Distribute Malware

Trend Micro released a report noting that their analysis shows that hackers are more frequently hijacking cloud servers and services in order to deploy and control their malware. In a blog post written by Christopher Budd from Trend Micro, he notes, “Like so many smart businesses around the world, cybercriminals are increasingly jumping on the cloud bandwagon.”  This line of thinking makes sense because if cloud makes delivering services easier, it could make delivering and managing malware easier as well. Budd notes a report generated by Trend that gives much more details.

In regards to specific attacks or specific malware, Trend mentions, “Specifically, Dropbox has been used in some targeted attacks for command and control (C&C) purposes.” The post goes on to say, “Keep in mind; this isn’t a problem with Dropbox per-se: it appears these cybercriminals have signed up for legitimate accounts but are using them for malicious ends.  It does however demonstrate criminals’ propensity for hijacking legitimate services.”

What can we take away from Trend’s analysis? Hackers are getting smarter and they are starting to think like shrewd business people. In order to prevent such attacks, it is important for CIO’s to limit the types of cloud services available in their environment. Trend recommends doing this so that the surface area for attack is reduced. Using an internet filter or proxy that controls what cloud services your users can access will be paramount in achieving this feat.

For example, if your office uses Google Drive for Work, why would any user ever need to access DropBox? CloudWedge recently reported on SkyHigh Networks, a firm dedicated to reducing the surface area for such attacks. These attacks are becoming big business due to the fact that Sky High received $40 million in funding to help mature their product that deflects these types of attacks.