Criminal hackers have always abused legitimate web services such as Gmail and Facebook to do their bidding, but increasingly they are finding new ways of blending into popular applications to avoid detection and find unsuspecting victims.

An analysis of more than 400 malware families deployed over the past two years found that at least a quarter of them abused legitimate internet services in some way as part of their infrastructure, allowing malicious hackers to more easily blend in with normal traffic and complicating the job of those tasked with defending networks.

That cybercriminals and state-aligned hackers abuse legitimate web services - such as email providers, messaging services, social media platforms, photo sharing sites, and file storage and transfer services - as part of their operational infrastructure has been studied for years.

But in an analysis from Recorded Future’s Insikt Group, shared exclusively with CyberScoop, researchers attempted to categorize which types of malware most frequently abuse such services and how, offering a window into the current state of play based on activity observed in 20 on the Recorded Future Triage sandbox platform, as well as outside sources.

The goal is to help those tasked with defending networks better understand how such services are used and abused within their environments, so that they can take a more refined and proactive approach to detection.

“An effective defense against the increasing abuse of legitimate internet services demands a nuanced approach, grounded in a comprehensive and systematic understanding of which and how these services are abused across diverse malware categories and threat actors,” said Julian-Ferdinand Vögele, a threat intelligence analyst with Recorded Future’s Insikt Group. “Using this knowledge helps in determining which services to flag or block, developing detection strategies, proactively identifying services susceptible to abuse, and employing advanced behavioral detections, all while balancing an organization’s security and operational requirements.”

Cloud storage platforms are the most abused legitimate services, followed by messaging apps, email services and social media. Within that top category, Pastebin, which lets users post text that can be copied and pasted, led the way, followed by Google Drive and Dropbox.

Telegram is “by far the most common” messaging service abused in such operations, the researchers said, followed by Discord. “Both services are free, widely used in both victim environments and the cybercriminal underground, and thus hard to block, and their APIs are also user-friendly and straightforward to use,” the researchers wrote.

Other messaging services are also abused, including Slack, the ubiquitous workplace collaboration platform, which has been used as a command and control platform by hackers linked to the Russian Foreign Intelligence Service, or SVR.

Another recent example of Russian government-linked hackers abusing legitimate services came to light in January, when Recorded Future detailed how a group it tracks as BlueBravo - also known as APT29 or Nobelium - was using the productivity and collaboration service Notion as part of its operations. In that case, the hackers were abusing Notion’s API for command and control communications via malware known as GraphicalNeutrino, which enabled the delivery of additional malware and used the platform’s database feature both to store victim information and to stage payloads for download, according to that analysis.

APT29, which is also linked to the SVR and known as one of Russia’s premier cyberespionage operators, has previously used the project management software Trello in a similar fashion: the malware both gathered and exfiltrated data on specific targets and delivered other malware to those targets when necessary. The group has also abused Google Drive and Dropbox for various operations.

Social media platforms were the fourth-most abused category, according to the analysis, including Instagram, Mastodon, Facebook, Twitter, VKontakte (in Russia) and others. Steam, for instance, the video game sales and community platform operated by Valve, was seen earlier this year being abused, in conjunction with Telegram, to deploy the Vidar stealer, according to an Emerging Threats writeup.
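As an added illustration of the point the researchers make about flagging or blocking services versus relying on behavioral detections (this is example code written for this page, not Recorded Future's or CyberScoop's), the following Python script scores proxy-log connections to a few of the services named in the article. The log format, the rule set, the lists of processes that are expected to talk to each service, the scoring weights and the log lines themselves are all constructed for this example; only the host and path shapes (Telegram's bot API, Discord webhooks, Notion's v1 API, Pastebin raw pastes, the Dropbox content API) are the services' public API URL shapes. The idea is that a request to a widely used service is not by itself suspicious, but an API-shaped request from a process that has no business making it, polled at machine-regular intervals, is.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Hypothetical rule set: (name, host regex, path regex). The URL shapes are the
# services' public API shapes; which services and paths to watch is this
# example's own choice, not a published rule set.
LIS_RULES = [
    ("telegram-bot-api", r"^api\.telegram\.org$", r"^/bot\d+:[\w-]+/"),
    ("discord-webhook", r"^discord(app)?\.com$", r"^/api/webhooks/\d+/"),
    ("notion-api", r"^api\.notion\.com$", r"^/v1/(databases|pages|blocks)"),
    ("pastebin-raw", r"^pastebin\.com$", r"^/raw/"),
    ("dropbox-content-api", r"^content\.dropboxapi\.com$", r"^/2/files/"),
]
LIS_RULES = [(n, re.compile(h), re.compile(p)) for n, h, p in LIS_RULES]

# Processes for which traffic to the matching service is expected (assumed
# per-organization allowlist; tune to what actually runs in the environment).
EXPECTED_CLIENTS = {
    "telegram-bot-api": set(),  # no interactive desktop client uses the bot API
    "discord-webhook": {"Discord.exe"},
    "notion-api": {"Notion.exe", "chrome.exe", "msedge.exe", "firefox.exe"},
    "pastebin-raw": {"chrome.exe", "msedge.exe", "firefox.exe"},
    "dropbox-content-api": {"Dropbox.exe"},
}

# Constructed log format: "<ISO timestamp> <src ip> <process> <method> <host> <path>"
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+([A-Z]+)\s+(\S+)\s+(\S+)$")


def parse_line(line):
    """Parse one constructed proxy-log line into a dict, or None if malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, src, proc, method, host, path = m.groups()
    return {"ts": datetime.fromisoformat(ts), "src": src, "proc": proc,
            "method": method, "host": host.lower(), "path": path}


def classify(event):
    """Return the name of the LIS rule whose host and path both match, else None."""
    for name, host_re, path_re in LIS_RULES:
        if host_re.match(event["host"]) and path_re.match(event["path"]):
            return name
    return None


def is_beaconing(timestamps, min_events=4, max_cv=0.2):
    """Regular inter-request intervals (low coefficient of variation) suggest a
    polling loop such as C2 check-ins rather than a human driving a client."""
    if len(timestamps) < min_events:
        return False
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    m = mean(gaps)
    return m > 0 and pstdev(gaps) / m <= max_cv


def analyze(lines):
    """Group LIS-matching events by (source, process, rule) and score each group.
    Score: 1 for an API-shaped request, +1 if the process is not an expected
    client of that service, +2 if the requests are machine-regular."""
    groups = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        rule = classify(ev)
        if rule:
            groups[(ev["src"], ev["proc"], rule)].append(ev)
    findings = []
    for (src, proc, rule), evs in groups.items():
        score, reasons = 1, [f"{rule} request shape"]
        if proc not in EXPECTED_CLIENTS[rule]:
            score += 1
            reasons.append(f"unexpected process {proc}")
        if is_beaconing([e["ts"] for e in evs]):
            score += 2
            reasons.append(f"regular polling ({len(evs)} requests)")
        findings.append({"src": src, "proc": proc, "rule": rule,
                         "score": score, "reasons": reasons})
    return sorted(findings, key=lambda f: -f["score"])


# Constructed sample proxy log (not real traffic; the bot token is a placeholder).
SAMPLE_LOG = """
2023-08-01T10:00:00 10.0.0.5 svchost.exe GET api.telegram.org /bot123456789:AAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/getUpdates
2023-08-01T10:01:00 10.0.0.5 svchost.exe GET api.telegram.org /bot123456789:AAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/getUpdates
2023-08-01T10:02:00 10.0.0.5 svchost.exe GET api.telegram.org /bot123456789:AAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/getUpdates
2023-08-01T10:03:00 10.0.0.5 svchost.exe GET api.telegram.org /bot123456789:AAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/getUpdates
2023-08-01T10:04:00 10.0.0.5 svchost.exe GET api.telegram.org /bot123456789:AAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/getUpdates
2023-08-01T10:05:12 10.0.0.7 chrome.exe GET www.dropbox.com /home
2023-08-01T10:06:30 10.0.0.9 notepad.exe POST api.notion.com /v1/databases/aaaabbbb/query
2023-08-01T10:07:45 10.0.0.7 Discord.exe POST discord.com /api/webhooks/1122334455/abcDEF
"""

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG.strip().splitlines()):
        print(f["score"], f["src"], f["proc"], f["rule"], "; ".join(f["reasons"]))
```

On the constructed log, the svchost.exe host polling the Telegram bot API once a minute scores highest, notepad.exe querying a Notion database scores next, and the Discord client posting to a webhook scores lowest because that pairing is on the assumed allowlist; a browser visit to the Dropbox web UI does not match any rule at all. That ordering is the practical form of the "flag versus block" balance: the service stays reachable for the people who need it, while the process-and-timing context of a request is what raises it for review.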