Cybercriminals Used Amazon Cloud Services To Spread Financial Malware

Published : 22/11/2024   Category : security




Amazon takes down malicious links -- 60 hours after being alerted



A Kaspersky Lab researcher over the weekend alerted Amazon that cybercriminals were using its Amazon Web Services cloud offering to spread financial-stealing malware. The attackers apparently deployed registered accounts to wage the attacks on 11 international banks, nine of which are in Brazil.
Dmitry Bestuzhev, senior malware researcher at Kaspersky, says it took Amazon 60 hours to shut down the malicious links after he informed them of the activity on its cloud service. Cloud abuse is an emerging vector of attack for cybercriminals. "I don’t believe classic botnets will be replaced totally or in a majority of the cases by malware in the cloud soon. However, [the] more cloud we’re going to use, [the] more attacks like this we’ll see. For now not much will change -- only C&C may slightly move to the commercial clouds," Bestuzhev says.
Bestuzhev says cloud providers need to better monitor their infrastructure and systems to catch attacks originating from their networks. He says Amazon, in theory, could have detected the abuse of its Web Services: "However, before all malicious links were [taken] down, we had to wait around 60 hours. What should be done? To have more proactive monitoring and multiscanner checks of all links on AWS, and especially if it’s about binary files. Also, response time should be improved," he says.
The attackers appear to be out of Brazil, he says, and the main targets are Brazilian bank customers. They dropped a rootkit that detected and blocked four different antivirus programs, he says, as well as a security application used in Brazil for online banking called GBPluggin.
Other malware they spread was able to steal Microsoft Live Messenger credentials, digital certificates, and CPU and hard drive information. The attackers moved the stolen data over email to their Gmail accounts and to a remote database via a special PHP-inserting process.
They tried to cover their tracks by employing antipiracy software in their malware so that researchers would have trouble reverse-engineering the code, Bestuzhev says.
Kaspersky has identified and labeled the malware samples as Trojan-Downloader.Win32.Murlo.lib; Trojan-PSW.Win32.MSNer.a; Trojan-Banker.Win32.Banz.iok; Trojan-Banker.Win32.Banker.blpm; Trojan-Downloader.Win32.Homa.fgx; and Trojan-Banker.Win32.Banker.blbt.
"I believe legitimate cloud services will continue to be used by criminals for different kinds of cyberattacks. Cloud providers should start thinking about better monitoring systems and expanding security teams in order to cut down on malware attacks enabled and launched from their cloud," Bestuzhev said in a blog post that includes screen shots.