Cloud providers such as Microsoft Azure, Amazon and Google are perennial targets for attackers seeking to compromise and weaponize virtual machines and other resources. The digital age opens up many opportunities, but also very serious threats.

Once a virtual machine is compromised, the attacker can use it to launch attacks, including brute force attacks against other virtual machines, to deliver spam campaigns that can be used for email phishing attacks, to carry out reconnaissance such as port scanning to identify new attack targets, and for other malicious activities. The geographical map within the link below shows incoming attacks on Azure, specifically the IP addresses where the attacks originated, as detected by Azure Security Center. The comparison between countries is interesting.

In a cloud weaponization threat scenario, an attacker establishes a foothold within a cloud infrastructure by compromising and taking control of one or more virtual machines.

Once compromised, those resources often communicate with command-and-control (C&C) servers to receive instructions.
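The behaviours described above (contact with C&C servers, outbound brute force, port scanning and spam delivery) each leave a pattern in a virtual machine's outbound network flows. The following is an added example, not part of the original article and not Azure Security Center's own logic; the record format, thresholds, VM names and watchlist address are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed watchlist; in practice this comes from a threat-intelligence feed.
KNOWN_BAD = {"203.0.113.66"}
AUTH_PORTS = {22, 3389}      # SSH and RDP, the usual brute-force targets
SMTP_PORT = 25

def classify_outbound(flows, brute_min=20, scan_min=15, spam_min=10):
    """Map each VM to the set of weaponization indicators seen in its
    outbound flows. flows: iterable of (vm, dst_ip, dst_port)."""
    auth_attempts = defaultdict(int)   # vm -> connections to SSH/RDP
    ports_by_dst = defaultdict(set)    # (vm, dst) -> distinct ports touched
    smtp_dsts = defaultdict(set)       # vm -> distinct mail servers contacted
    findings = defaultdict(set)

    for vm, dst, port in flows:
        if dst in KNOWN_BAD:
            findings[vm].add("c2-contact")
        if port in AUTH_PORTS:
            auth_attempts[vm] += 1
        if port == SMTP_PORT:
            smtp_dsts[vm].add(dst)
        ports_by_dst[(vm, dst)].add(port)

    for vm, n in auth_attempts.items():
        if n >= brute_min:
            findings[vm].add("outbound-brute-force")
    for (vm, _dst), ports in ports_by_dst.items():
        if len(ports) >= scan_min:
            findings[vm].add("port-scan")
    for vm, dsts in smtp_dsts.items():
        if len(dsts) >= spam_min:
            findings[vm].add("spam-relay")
    return dict(findings)

def sample_flows():
    """Constructed records; all addresses are documentation ranges."""
    flows = [("vm-web", "198.51.100.10", 443)] * 5           # normal traffic
    flows += [("vm-a", "203.0.113.66", 8443)]                 # watchlisted host
    flows += [("vm-a", f"198.51.100.{i}", 22) for i in range(1, 31)]
    flows += [("vm-b", "192.0.2.7", p) for p in range(1, 41)]
    flows += [("vm-c", f"192.0.2.{i}", 25) for i in range(100, 112)]
    return flows

if __name__ == "__main__":
    for vm, hits in sorted(classify_outbound(sample_flows()).items()):
        print(vm, sorted(hits))
```

The thresholds are per batch of records, so in practice the function would be run over a fixed time window of flow logs and tuned against normal traffic for each workload.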

In 2019, the percentage of outgoing attacks (outgoing communications from these countries to malicious IP addresses) was as follows:

UK 1.84%

Ireland 10.96%

USA 59.83%

A drive-by download (DBD) is the unintentional download of malicious code onto an unsuspecting user’s computer when they visit a website. The malicious code could be used to exploit vulnerabilities in web browsers, browser add-ons, applications, and the operating system. Users can be infected with malware simply by visiting a website, even without attempting to download anything. Interestingly, worldwide these encounters decreased 22% between January and December 2018.

If you would like to discuss your business security please contact us for a general chat. Once we understand any concerns we can help advise.

Click here for more information

Microsoft Security Intelligence Report
