Cloud services can optimize resources, save time, increase automation, and take some of the security responsibility off of an organization’s plate.
Considering its extensive value proposition, it’s no surprise that today’s advanced cyber-criminals are also using cloud technology to improve and scale their own operations.
Stolen credentials lead to compromised businesses, and the cloud is making that process more effective than ever.
Processing Stolen Credentials Used to be Tedious
The traditional flow of cybercrime via credential theft involves compromising victims and deploying info-stealing malware to harvest account data. Due to password reuse, any compromised personal account can put a number of enterprises at risk, including employers.
Once those credentials are obtained, they are sent to a server under the criminals’ control. With millions of records, manual processing is impossible so they run simple searches to find the top selling accounts — credit cards, email, Netflix, and the like.
The group then manually reviews this prioritized list to find accounts with potential access to a high-value target. At this point, there will still be tens of thousands of logs, so the process can take from days to weeks.
Accounts deemed valuable but not used by the hacker group are then bundled and offered for sale on underground marketplaces. These are the ‘prime cuts’ that always sell well and are easy to process. The rest of the data is largely discarded. It could have value to the right buyer, but it’s hard to know who that may be.
New Processes and Markets in the Cloud Can Expand Criminal Profits
The cloud has allowed attackers to tweak that process. Just like any business, they can create new efficiencies and eliminate waste, increasing the return on their criminal investments.
After the group takes their initial cuts of the stolen information, the rest can immediately be uploaded to a ‘Cloud of Logs.’
Access to this resource can be purchased for a monthly fee of between $350–$1,000. It may include thousands or millions of emails and passwords to popular sites like Google, Amazon, Twitter, Facebook and PayPal.
The predictable monthly fee model that works so well for streaming services makes the ‘Cloud of Logs’ a stable source of primary income for the criminal organization. This streamlined process dramatically reduces the time from initial compromise to the user’s data being available for sale, and it maximizes the amount of people who will be victimized by a given breach.
Accounts deemed valuable but not used by the hacker group are then bundled and offered for sale on underground marketplaces. These are the 'prime cuts' that always sell well and are easy to process.
Instead of just the one primary group picking over the data, there will be as many as the platform allows. Diamonds in the rough will not be discarded or overlooked. More accounts are monetized, and it can happen in a matter of hours instead of weeks. Since criminals can execute their attacks in a much more effective way, they can also target a larger number of organizations, potentially leading to an increase in overall attacks.
Specialized Talent Makes Illicit Marketplaces Even More Dangerous
The criminal potential of the stolen data is used to the fullest extent, because the information is distributed among different cyber-criminals specializing in different crimes: Some are good at stealing bitcoins, others are professional at defrauding online shopping sites, BEC, ransomware, phishing, etc.
With this new business structure, data is king now more than ever before. Criminal businesses will need data mining specialists to reap the greatest possible return. This role will sit in the middle of the organization leveraging machine learning to identify high-value targets and efficiently bundle every data type that will be attractive to different buyers.
Data analysts and machine learning experts are a hot commodity in the business world, as are cloud architects and engineers. It’s not surprising that cyber-criminals also value this expertise.
Cloud technologies are commonly designed to scale business to be more agile and cost- effective – generally helping a business reach its full potential. Criminal cloud-based logs do the same, and like any business, hackers are looking for experts who can optimize their results.
Defending Your Organization from Advanced Threats: What You Should Know
For the defending organization, the time gap from when information is stolen to when it will be used is becoming much shorter. Organizations now have much less time to detect and respond to an incident of credential theft. This will only accelerate as this criminal business model continues to mature.
Organizations must strengthen the foundation of their security posture to identify breaches quickly. Educating employees on the basics of cybersecurity is also important. Focus education efforts on why it matters to them and how their diligence can help protect the company.
The risks facing organizations haven’t necessarily changed, but the stakes are being raised. As criminals accelerate attacks and expand their capabilities in the cloud, businesses need a solid security strategy to stay a step ahead.
