Remote Access Trojans target Public Cloud Infrastructure

Cloud Security News this week 19 Jan 2022

• Cisco Talos Researchers have shared in a blog last week that a trio of remote access Trojans (RATs)—Nanocore, Netwire and AsyncRAT—are being spread in a campaign that taps public cloud infrastructure and is primarily aimed at victims in the U.S., Italy and Singapore. According to the blog “Threat actors are increasingly using cloud technologies to achieve their objectives without having to resort to hosting their own infrastructure,” and “cloud services like Azure and AWS allow attackers to set up their infrastructure and connect to the internet with minimal time or monetary commitments. It also makes it more difficult for defenders to track down the attackers’ operations.” Read more about this here.
• Netskope also released a blog last week about Malwares. Interestingly their research which surveyed millions of users worldwide from January 1, 2020 to November 30, 2021 found that Cloud-delivered malware is now more prevalent than web-delivered malware, accounting for 66%, up from 46% last year. They also found that Google Drive is the top app for most malware downloads and Cloud-delivered malware via Microsoft Office nearly doubled from 2020 to 2021. Read the report here
• Vulnerability in AWS’s cloudformation service that was discovered and shared by Orca Security. Orca Security confirmed that AWS completely mitigated within 6 days of their submission.If you want to know more about their discovery, you can read it here
• The US government is reportedly reviewing the cloud computing arm of Chinese ecommerce giant Alibaba to determine whether or not it poses a risk to national security.” As reported by Reuters, the Biden administration launched the probe to find out more about how Alibaba Cloud stores the data of US clients including personal information and intellectual property and to see if the Chinese government could gain access to it. You can read Reuters report here
• Sysdig’s platform who were recently valued at 2.5 Billion have expanded their cloud security offering to Azure Cloud aswell. . You can find out more about them here

Podcast Twitter - Cloud Security Podcast (@CloudSecPod)

Instagram - Cloud Security News

If you want to watch videos of this LIVE STREAMED episode and past episodes, check out:

- Cloud Security Podcast:

- Cloud Security Academy: