What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-07-16 07:26:11 | Acteurs de menace \\ 'Arsenal: comment les pirates ciblent les comptes cloud Threat Actors\\' Arsenal: How Hackers Target Cloud Accounts (lien direct) |
Introduction In today\'s interconnected world, cloud computing has become the backbone of countless businesses. However, with this rise in cloud adoption, malicious actors have adapted their strategies to compromise sensitive data stored in cloud environments and propagate threats throughout supply chains. One prevalent method is the use of tools specifically designed to automate attacks against cloud accounts, resulting in account takeover (ATO) and business email compromise (BEC) incidents. Keeping up with a tradition of trying to understand the attackers\' perspective, Proofpoint cloud threat researchers have obtained and analyzed various hacking tools used by threat actors. In this blog series, we\'ll showcase a few examples and explore the largely uncovered world of these tools, while examining their functionalities, the risks they pose, and how organizations can defend against them. Understanding toolsets: basic concepts and terminology Attack toolsets are purposefully crafted to enable, automate, and streamline cyber-attacks en masse. These toolsets exploit diverse weaknesses, from frequent misconfigurations to old authentication mechanisms, in order to gain access to selected resources. Often, attack toolsets are designed with specific aims in mind. In recent years, cloud accounts have become prime targets. But getting your hands on effective tools is not so trivial. Some toolsets are only sold or circulated within restricted channels, such as closed Darknet hacking forums, while others (especially older versions) are publicly available online. With a rising demand for hacking capabilities, hacking-as-a-service (HaaS) has become a prominent business model in today\'s cyber threat landscape, providing convenient access to advanced hacking capabilities in exchange for financial gain. As such, it lowers entry barriers for cybercriminals, allowing them to execute attacks with minimal effort. Regardless of their complexity, every attack tool aiming to compromise cloud accounts must utilize an initial threat vector to gain unauthorized access. Proofpoint\'s ongoing monitoring of the cloud threat landscape has led its researchers to categorize the majority of observed attacks into two primary threat vectors: brute-force attacks and precision attacks. In terms of sheer volume, brute-force attacks, encompassing techniques such as password guessing and various other methods, continue to maintain their status as the most prevalent threat vector. Despite the statistical nature of these attacks and their reliance on a "spray and pray" approach, they remain a significant threat. According to our research, roughly 20% of all organizations targeted by brute-force attacks in 2023 experienced at least one successful account compromise instance. The surprising effectiveness of brute-force methods, combined with their relative simplicity, makes this vector appealing not only to common cybercriminals, but also to sophisticated actors. In January 2024, Microsoft disclosed that it had fallen victim to a nation-state attack attributed to the Russian state-sponsored group APT29 (also known as TA421 and Midnight Blizzard). According to Microsoft\'s announcement, the attackers employed password spraying to compromise a legacy, non-production test tenant account that lacked multifactor authentication (MFA). After gaining access, attackers were able to quickly leverage it and hijack additional assets, ultimately exfiltrating sensitive data from various resources. This incident emphasizes the potential risk that brute-force and password spraying attacks pose to inadequately protected cloud environments. A brute-force attack kill chain, targeting cloud environments using leaked credentials and proxy networks. Combo lists, proxy lists and basic authentication Combo lists play a crucial role in facilitating systematic and targeted credential stuffing attacks. These lists, comprised of curated email address and password pairs, serve as the basic ammunition for most tools. Attackers leverage combo lists to automate the pr | Spam Malware Tool Threat Prediction Cloud Technical | APT 29 |
1
We have: 1 articles.
We have: 1 articles.
To see everything:
Our RSS (filtrered)
