Date: 2021-04-28

Cloud services can optimize resources, save time, increase automation, and take some of the security responsibility off of an organization’s plate. Considering their extensive value proposition, it’s no surprise that today’s advanced cyber-criminals are also using cloud technology to improve and scale their own operations. Stolen credentials lead to compromised businesses, and the cloud is making that process more effective than ever.

Processing Stolen Credentials Used to be Tedious

The traditional flow of cybercrime via credential theft involves compromising victims and deploying info-stealing malware to harvest account data. Due to password reuse, any compromised personal account can put a number of enterprises at risk, including employers. Once those credentials are obtained, they are sent to a server under the criminals’ control. With millions of records, manual processing is impossible, so the criminals run simple searches to find the top-selling accounts: credit cards, email, Netflix, and the like. The group then manually reviews this prioritized list to find accounts with potential access to a high-value target. At this point, there will still be tens of thousands of logs, so the process can take from days to weeks.

Accounts deemed valuable but not used by the hacker group are then bundled and offered for sale on underground marketplaces. These are the ‘prime cuts’ that always sell well and are easy to process. The rest of the data is largely discarded. It could have value to the right buyer, but it’s hard to know who that may be.

New Processes and Markets in the Cloud Can Expand Criminal Profits

The cloud has allowed attackers to tweak that process. Just like any business, they can create new efficiencies and eliminate waste, increasing the return on their criminal investments. After the group takes its initial cuts of the stolen information, the rest can immediately be uploaded to a ‘Cloud of Logs.’ Access to this resource can be purchased for a monthly fee of between $350–$1,000. It may include thousands or millions of emails and passwords to popular sites like Google, Amazon, Twitter, Facebook and PayPal. The predictable monthly fee model that works so well for streaming services makes the ‘Cloud of Logs’ a stable source of primary income for the criminal organization. This streamlined process dramatically reduces the time from initial compromise to the user’s data being available for sale, and it maximizes the number of people who will be victimized by a given breach.

