Source |
ProofPoint |
Identifier |
8538226 |
Publication date |
2024-07-16 07:26:11 (viewed: 2024-07-16 15:06:41) |
Title |
Threat Actors' Arsenal: How Hackers Target Cloud Accounts |
Text |
Introduction
In today's interconnected world, cloud computing has become the backbone of countless businesses. However, with this rise in cloud adoption, malicious actors have adapted their strategies to compromise sensitive data stored in cloud environments and propagate threats throughout supply chains. One prevalent method is the use of tools specifically designed to automate attacks against cloud accounts, resulting in account takeover (ATO) and business email compromise (BEC) incidents.
Keeping up with a tradition of trying to understand the attackers' perspective, Proofpoint cloud threat researchers have obtained and analyzed various hacking tools used by threat actors. In this blog series, we'll showcase a few examples and explore the largely uncovered world of these tools, while examining their functionalities, the risks they pose, and how organizations can defend against them.
Understanding toolsets: basic concepts and terminology
Attack toolsets are purposefully crafted to enable, automate, and streamline cyber-attacks en masse. These toolsets exploit diverse weaknesses, from frequent misconfigurations to old authentication mechanisms, in order to gain access to selected resources.
Often, attack toolsets are designed with specific aims in mind. In recent years, cloud accounts have become prime targets. But getting your hands on effective tools is not so trivial. Some toolsets are only sold or circulated within restricted channels, such as closed Darknet hacking forums, while others (especially older versions) are publicly available online.
With a rising demand for hacking capabilities, hacking-as-a-service (HaaS) has become a prominent business model in today\'s cyber threat landscape, providing convenient access to advanced hacking capabilities in exchange for financial gain. As such, it lowers entry barriers for cybercriminals, allowing them to execute attacks with minimal effort.
Regardless of their complexity, every attack tool aiming to compromise cloud accounts must utilize an initial threat vector to gain unauthorized access. Proofpoint's ongoing monitoring of the cloud threat landscape has led its researchers to categorize the majority of observed attacks into two primary threat vectors: brute-force attacks and precision attacks.
In terms of sheer volume, brute-force attacks, encompassing techniques such as password guessing and various other methods, continue to maintain their status as the most prevalent threat vector. Despite the statistical nature of these attacks and their reliance on a "spray and pray" approach, they remain a significant threat. According to our research, roughly 20% of all organizations targeted by brute-force attacks in 2023 experienced at least one successful account compromise instance.
The surprising effectiveness of brute-force methods, combined with their relative simplicity, makes this vector appealing not only to common cybercriminals, but also to sophisticated actors. In January 2024, Microsoft disclosed that it had fallen victim to a nation-state attack attributed to the Russian state-sponsored group APT29 (also known as TA421 and Midnight Blizzard).
According to Microsoft's announcement, the attackers employed password spraying to compromise a legacy, non-production test tenant account that lacked multifactor authentication (MFA). After gaining access, attackers were able to quickly leverage it and hijack additional assets, ultimately exfiltrating sensitive data from various resources. This incident emphasizes the potential risk that brute-force and password spraying attacks pose to inadequately protected cloud environments.
A brute-force attack kill chain, targeting cloud environments using leaked credentials and proxy networks.
Combo lists, proxy lists and basic authentication
Combo lists play a crucial role in facilitating systematic and targeted credential stuffing attacks. These lists, comprised of curated email address and password pairs, serve as the basic ammunition for most tools. Attackers leverage combo lists to automate the pr |
Notes |
★★★
|
Sent |
Yes |
Tags |
Spam
Malware
Tool
Threat
Prediction
Cloud
Technical
|
Stories |
APT 29
|