Research: Cybercriminals Use Cloud Technology to Accelerate Business Attacks

Trend Micro Incorporated has identified a new class of cybercrime. Criminals are using cloud services and technology to speed up attacks, which decreases the amount of time enterprises have to identify and respond to a breach.

These findings are published in a new report from Trend Micro Research available here.

Trend Micro Research found terabytes of internal business data and logins for popular providers like Amazon, Google, Twitter, Facebook, and PayPal offered for sale on the dark web. This data is sold via access to the cloud logs in which it is stored. This results in more stolen accounts being monetized, and the time from initial data theft to stolen information being used against an enterprise has decreased from weeks to days or hours.

"The new market for access to cloud logs ensures stolen information can be used more quickly and effectively by the cybercrime community—that's bad news for enterprise security teams," said Robert McArdle, director of forward-looking threat research for Trend Micro. "This new cybercriminal market shows how criminals are using cloud technologies to compromise you. Which also means a business is not exempt from this attack method if they only use on-prem services. All organizations will need to double down on preventative measures and ensure they have the visibility and controls needed to react fast to any incidents that occur."

Once access is purchased for logs of cloud-based stolen data, the purchaser will use the information for secondary infection. For example, Remote Desktop Protocol (RDP) credentials can be found in these logs and are a popular entry point for criminals targeting enterprises with ransomware.

Storing terabytes of stolen data in cloud environments has similar appeal for criminal businesses as it does for legitimate organizations. Cloud storage offers scalability and speed that provides more computing power and bandwidth to optimize operations.

Access to these logs of cloud data are often sold on a subscription basis for as much as $1,000 per month. Access to a single log can include millions of records, and higher prices are earned for frequently updated data sets or the promise of relative exclusivity.

With ready access to data in this way, cybercriminals can streamline and accelerate execution of attacks and potentially expand their number of targets. The result is to optimize cybercrime by ensuring threat actors who specialize in specific areas—say cryptocurrency theft, or e-commerce fraud—can get access to the data they need: quickly, easily and relatively cheaply.

The Trend Micro report warns that in the future, such activity could even give rise to a new type of cybercriminal—an expert in data mining who uses machine learning to enhance pre-processing and extraction of information to maximize its usefulness to buyers. The overall trend will be towards standardization of services and pricing, as the industry matures and professionalizes.

Featured

  • The Impact of Convergence Between IT and Physical Security

    For years, the worlds of physical security and information technology (IT) remained separate. While they shared common goals and interests, they often worked in silos. Read Now

  • Unlocking Trustworthy AI: Building Transparency in Security Governance

    In situations where AI supports important security tasks like leading investigations and detecting threats and anomalies, transparency is essential. When an incident occurs, investigators must trace the logic behind each automated response to confirm its validity or spot errors. Demanding interpretable AI turns opaque “black boxes” into accountable partners that enhance, rather than compromise, organizational defense. Read Now

  • Seeking Innovative Solutions

    Denial, Anger, Bargaining, Depression and Acceptance. You may recognize these terms as the “5 Phases” of a grieving process, but they could easily describe the phases one goes through before adopting any new or emerging innovation or technology, especially in a highly risk-averse industry like security. However, the desire for convenience in all aspects of modern life is finally beginning to turn the tide from old school hardware as the go-to towards more user-friendly, yet still secure, door solutions. Read Now

  • Where AI Meets Human Judgment

    Artificial intelligence is everywhere these days. It is driving business growth, shaping consumer experiences, and showing up in places most of us never imagined just a few years ago. Read Now

  • Report: Only 44 Percent of Organizations are Fully Equipped to Support Secure AI

    Delinea recently published new research on the impact of artificial intelligence in reshaping identity security. According to the report, “AI in Identity Security Demands a New Playbook,” only 44% of organizations say their security architecture is fully equipped to support secure AI, despite widespread confidence in their current capabilities. Read Now

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.