Cyber criminals use cloud technology to accelerate attacks on businesses. Trend Micro Research finds terabytes of stolen data for sale in cloud logs.
Trend Micro has identified a new breed of cybercrime. Criminals use cloud services and technologies to accelerate attacks. Companies therefore have less time to identify and react to a loss of data.
Trend Micro researchers found terabytes of internal business data from companies as well as logins for popular providers such as Amazon, Google, Twitter, Facebook and PayPal, which are offered for sale on the dark web. The data is sold by accessing the cloud logs in which it is stored. This type of offer means that a larger number of stolen accounts can be monetized. It also reduces the time from the initial data theft to the point at which stolen information can be used against a company from several weeks to just a few days or hours.
Cloud logs help cybercriminals with stolen information
“The new market for access to cloud logs enables cyber criminals to exploit stolen information faster and more effectively. This is bad news for corporate security officers, ”explains Richard Werner, Business Consultant at Trend Micro. “This development shows that attackers are also using cloud technologies to compromise companies. It is important to understand that even companies that only use on-premise systems are not protected from attacks. Rather, all companies must ensure that they really protect themselves and that they have the necessary transparency and control in order to be able to react quickly to any incidents. "
Once a buyer has gained access to logs containing stolen data in the cloud, they can use this information to launch another cyberattack. For example, these logs often contain access data for the Remote Desktop Protocol (RDP), which is a popular entry point for cyber criminals who blackmail companies using ransomware.
Stolen amounts of data in the terabyte range
The storage of stolen data volumes in the terabyte range in cloud environments is just as attractive for criminal organizations as it is for legitimate companies: Cloud storage offers scalability and higher speeds. Processes can be optimized through greater computing power and bandwidth.
Access to these logs of cloud data is often sold on a subscription basis for up to $ 1.000 per month. A single log can contain millions of records. Higher prices are achieved for more frequently updated data sets or the promise of relative exclusivity.
Cyber criminals are very adaptable
With easy access to data, cybercriminals can streamline and accelerate the execution of attacks and increase the number of potential victims. This also shows how adaptable cybercrime is: by ensuring that threat actors who specialize in certain areas - such as cryptocurrency theft or e-commerce fraud - can quickly and cheaply access the data they need, they can still do so cause greater damage.
The Trend Micro report warns that such activity could even spawn a new breed of cybercriminal in the future: a data mining expert who uses machine learning to improve the preprocessing and extraction of information in order to maximize its usefulness for buyers. With the increasing professionalization of cybercrime, the general trend will be towards standardization of services and prices on underground marketplaces.
More on this at TrendMicro.com
About Trend Micro As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.