Threat actors look with great interest at cloud services that could be abused for several malicious purposes, like storing malware or implementing command and control servers.
Security researchers already spotted some malware hosted on the Microsoft Azure platform.
Researchers at AppRiver observed attackers deploying malware on the Microsoft Azure platform, the bad news is that those malicious codes were not removed after some weeks, on May 29.
“Now the attacks have escalated to malware being hosted on the Azure service. Not only is Azure hosting malware, it is also functioning as the command and control infrastructure for the malicious files” reads the analysis published by AppRiver.
“On May 11, 2019, malware researchers @JayTHL & @malwrhunterteam discovered the malicious software on Azure. It was reported to Microsoft on May 12 for abuse via ticket #SIR0552640. However, the original malware (plus additional samples uploaded since) still resided on the Azure site as of May 29, 2019 – 17 days later.”
Experts pointed out that Azure is failing to detect the malware hosted on Microsoft’s servers.
“No service is infallible to being attacked or exploited. It’s evident that Azure is not currently detecting the malicious software residing on Microsoft’s servers. However, if a user attempts to download the
In one case, a sample named searchfile.exe was uploaded to VirusTotal on April 26, 2019. Even is Windows Defender detects the malware its presence on Azure is not currently blocked. Unfortunately, experts reported many other similar cases.
Experts believe that this trend will continue to grow, threat actors will not only abuse Microsoft Azure, but other cloud services (i.e. Google Drive, Dropbox, and Amazon) will be exploited by attackers to avoid detection.
(SecurityAffairs – Microsoft Azure, hacking)