Security firm Trend Micro has apparently revealed new evidence of botnets and malware not only being hosted in the cloud, but also being remotely controlled from cloud servers. The hackers' main goal, it turns out, is to disguise their malicious software's traffic as regular traffic between corporate endpoints and cloud services.
Trend Micro has revealed in a blog post a case where hackers were using Dropbox to host the command and control instructions for malware and botnets, which eventually made it past corporate firewalls. While the technique itself is not new, the cloud has apparently grown in popularity and, with it, in security risk. In the past, the malware's small files had to be controlled by a command and control (C&C) system that was usually hosted by the hackers themselves or placed on servers easily identified as suspicious.
With cloud-based systems, however, hackers can now place the C&C on cloud servers and communicate with the botnets and malware as if it were ‘normal traffic’, making it harder to identify. The company has emphasized that any cloud-based solution can eventually be used as a host for C&C software. Companies that do not use any cloud-based solution but nevertheless see traffic spikes to any of them have an early warning sign and are encouraged to investigate the activity.
However, this does not mean that every company using cloud-based solutions is now infected. Trend Micro has just shed some light on how hackers can infect, or could try to infect, corporate systems using the technique described above. A good counter-technique for security specialists who want to prevent such hacking practices is to closely monitor all traffic between endpoint users and cloud-based solutions, marking anomalies and suspicious activity as threats until proven ‘safe’.
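As an added illustration of the monitoring approach described above (example code, not Trend Micro's or the original post's), the following Python script scans a constructed proxy log for two of the warning signs the article points to: traffic to a cloud service the company does not actually use, and requests to a cloud service that arrive at near-constant intervals, which is how a hidden C&C channel typically polls for instructions. The domain names, host names and thresholds are assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log, one request per line: "timestamp host destination bytes".
SAMPLE_LOG = """\
2013-07-01T09:00:00 ws-17 api.dropbox.example 412
2013-07-01T09:05:02 ws-17 api.dropbox.example 418
2013-07-01T09:10:01 ws-17 api.dropbox.example 410
2013-07-01T09:14:58 ws-17 api.dropbox.example 415
2013-07-01T09:20:03 ws-17 api.dropbox.example 411
2013-07-01T09:02:00 ws-03 www.example.net 9120
2013-07-01T10:14:00 ws-03 www.example.net 71400
2013-07-01T09:03:00 ws-22 files.cloudstore.example 5000
"""

CLOUD_DOMAINS = ("dropbox.example", "cloudstore.example")  # assumed cloud-service domains
SANCTIONED = {"cloudstore.example"}  # assumed: the only cloud service the company uses

def parse_log(text):
    records = []
    for line in text.splitlines():
        ts, host, dst, size = line.split()
        records.append((datetime.fromisoformat(ts), host, dst, int(size)))
    return records

def cloud_service(dst):
    # Map a destination name to the cloud service it belongs to, or None.
    return next((d for d in CLOUD_DOMAINS if dst == d or dst.endswith("." + d)), None)

def unsanctioned_cloud_hosts(records):
    # Hosts talking to a cloud service the company does not use: investigate.
    return sorted({host for _, host, dst, _ in records
                   if cloud_service(dst) and cloud_service(dst) not in SANCTIONED})

def beaconing_pairs(records, min_events=4, max_cv=0.1):
    # (host, service) pairs whose requests are spaced almost evenly in time.
    times = defaultdict(list)
    for ts, host, dst, _ in records:
        svc = cloud_service(dst)
        if svc:
            times[(host, svc)].append(ts)
    flagged = []
    for key, ts_list in times.items():
        if len(ts_list) < min_events:
            continue
        ts_list.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(ts_list, ts_list[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:  # low jitter = polling
            flagged.append(key)
    return flagged
```

Both checks produce leads for a human analyst to confirm or clear, which is exactly the "threat until proven safe" posture the article recommends.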