According to Microsoft's latest Security Intelligence Report, cyber-criminals are compromising virtual machines in the cloud in a way that will vastly increase the scale of Distributed Denial of Service (DDoS) attacks.
In this report, Microsoft warns of many new cyber risks faced by IT companies. According to the report, hackers have learned how to use compromised virtual machines running in the cloud to launch massive cyber-attacks.
“In the cloud weaponisation threat scenario, an attacker establishes a foothold within a cloud infrastructure by compromising and taking control of a few virtual machines. The attacker can then use these virtual machines to attack, compromise, and control thousands of virtual machines—some within the same public cloud service provider as the initial attack, and others inside other public cloud service providers,” says the report.
According to the report, attackers can easily send commands to launch DDoS attacks that cripple online services and websites or flood the internet with spam.
Azure, Microsoft's cloud computing platform, has witnessed attempts to exploit the cloud to establish communications with malicious IP addresses and to brute-force RDP, the Remote Desktop Protocol used by Microsoft to allow users to access their desktops over a network. These represented 41% and 25.5% of all outbound attacks, respectively. Spam followed at just over 20%, and DDoS attempts made up 7.6% of attacks.
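For defenders, outbound RDP brute forcing from a compromised VM shows up as one source reaching many distinct destinations on TCP 3389 in a short time. The following is an added example, not code from the report or from Microsoft; the record format, VM names, window and threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RDP_PORT = 3389
WINDOW = timedelta(minutes=5)  # assumed sliding window
MAX_DESTS = 3                  # assumed: more distinct RDP targets than this is fan-out
# Constructed records "timestamp vm dest_ip dest_port"; documentation address ranges.
SAMPLE = """\
2024-01-01T10:00:05 vm-db-2 203.0.113.1 3389
2024-01-01T10:00:06 vm-db-2 203.0.113.2 3389
2024-01-01T10:00:07 vm-db-2 203.0.113.2 3389
2024-01-01T10:00:08 vm-db-2 203.0.113.3 3389
2024-01-01T10:00:09 vm-db-2 203.0.113.4 3389
2024-01-01T10:00:11 vm-app-1 198.51.100.9 443
2024-01-01T11:00:00 vm-jump-3 192.0.2.1 3389
2024-01-01T11:04:00 vm-jump-3 192.0.2.2 3389
2024-01-01T11:08:00 vm-jump-3 192.0.2.3 3389
2024-01-01T11:12:00 vm-jump-3 192.0.2.4 3389
"""

def parse(text):
    """Yield (timestamp, vm, dest_ip, dest_port), skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except (IndexError, ValueError):
            continue

def rdp_fanout(text, window=WINDOW, max_dests=MAX_DESTS):
    """Return {vm: peak distinct RDP destinations inside one window} for flagged VMs."""
    per_vm = defaultdict(list)
    for ts, vm, dst, port in parse(text):
        if port == RDP_PORT:
            per_vm[vm].append((ts, dst))
    flagged = {}
    for vm, events in per_vm.items():
        events.sort()
        start = peak = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1  # drop events that fell out of the window
            peak = max(peak, len({d for _, d in events[start:end + 1]}))
        if peak > max_dests:
            flagged[vm] = peak
    return flagged

if __name__ == "__main__":
    print(rdp_fanout(SAMPLE))
```

With the assumed five-minute window, the slower `vm-jump-3` pattern is not flagged; widening the window catches it at the cost of more noise from legitimate jump hosts.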
Microsoft is also warning IT administrators to be on the lookout for targeted threats aimed at taking control of an email account that has a high probability of containing credentials that can be used to gain access to the public cloud administrator portal. If such attacks succeed, they may open both the on-premises and cloud infrastructures to attack.
After logging into the administrator portal, the attacker can gather information and make changes to gain access to other cloud-based resources, execute ransomware, or even pivot back to the on-premises environment. Attackers are also keeping tabs on GitHub and other public code repositories, hoping that developers will accidentally publish secret keys that can potentially grant access to cloud accounts and services.
Additionally, Microsoft has warned of “Man in the Cloud” (MitC) attacks, in which victims are tricked into downloading and installing malware, typically with an email containing a malicious link. Once active, the malware searches for a cloud storage folder and replaces the victim’s synchronisation token with the attacker’s. Once this is done, each time a user adds a file to their cloud storage account, a copy is delivered to the attacker.