Threat actors look with great interest at cloud services that could be abused for several malicious purposes, like storing malware or implementing command and control servers.
Now it seems to be the Microsoft Azure’s turn, recently experts reported several attacks leveraging the platform to host tech-support scam and phishing templates.
Security researchers already spotted some malware hosted on the Microsoft Azure platform.
Researchers at AppRiver observed attackers deploying malware on the Microsoft Azure platform, the bad news is that those malicious codes were not removed after some weeks, on May 29.
“Now the attacks have escalated to malware being hosted on the Azure service. Not only is Azure hosting malware, it is also functioning as the command and control infrastructure for the malicious files” reads the analysis published by AppRiver.
“On May 11, 2019, malware researchers @JayTHL & @malwrhunterteam discovered the malicious software on Azure. It was reported to Microsoft on May 12 for abuse via ticket #SIR0552640. However, the original malware (plus additional samples uploaded since) still resided on the Azure site as of May 29, 2019 – 17 days later.”
Experts pointed out that Azure is failing to detect the malware hosted on Microsoft’s servers.
“No service is infallible to being attacked or exploited. It’s evident that Azure is not currently detecting the malicious software residing on Microsoft’s servers. However, if a user attempts to download the executables, Windows Defender does detect the malicious files.”
In one case, a sample named searchfile.exe was uploaded to VirusTotal on April 26, 2019. Even is Windows Defender detects the malware its presence on Azure is not currently blocked. Unfortunately, experts reported many other similar cases.
Experts believe that this trend will continue to grow, threat actors will not only abuse Microsoft Azure, but other cloud services (i.e. Google Drive, Dropbox, and Amazon) will be exploited by attackers to avoid detection.
Thank you
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – Microsoft Azure, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of…
Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can…
Researchers released an exploit code for the actively exploited vulnerability CVE-2024-3400 in Palo Alto Networks'…
Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services,…
The PuTTY Secure Shell (SSH) and Telnet client are impacted by a critical vulnerability that could…
Researchers warn of a renewed cyber espionage campaign targeting users in South Asia with the…
This website uses cookies.