Datadog Report Surfaces Pair of Sophisticated AWS Attacks

A report published by Datadog suggests that cybercriminal activity aimed specifically at cloud infrastructure services provided by Amazon Web Services are increasing in terms of both sophistication and scale.
In one case, a malicious user was able to access an account to create additional users of an identity access management service that were then authenticated via the AWS Console.
They then used that ability to access EC2 Instance Connect, a tool that enabled them to attempt to start EC2 instances in a region not being used by the customer.
In the second instance, an attacker created a high number of Fargate clusters deployed on the Amazon Elastic Container Service that were then used to run large numbers of containers for cryptomining purposes.
In less than two minutes, cybercriminals were able to create multiple ECS Fargate clusters with randomized names that were used to run containers created using ECS task definitions, with each task definition ensuring each cluster ran 25 tasks.
Overall, Datadog researchers suspect hundreds of ECS Fargate clusters and ECS tasks were created using 40 container images hosted on the Docker Hub that were used to deploy thousands of malicious containers.
Rew Krug, team lead for security evangelism at Datadog, said the speed at which these clusters were created indicates that cybercriminals better understand how to effectively leverage automation to compromise cloud computing environments at scale.
That's especially problematic because the cost of running all those malicious containers can, for many organizations, be prohibitive, he noted.
Collectively, these attacks illustrate the need to continuously monitor AWS environments to, for example, identify spikes in application programming interface calls that indicate an account has been compromised, he added.
Tools for tracking cloud costs can be used to also identify, for example, regions running containers that were never authorized for that purpose, he noted.
Of course, none of these issues would arise if the credentials required to access AWS accounts had not been compromised in the first place.
Anyone that has access to cloud services is always a primary phishing attack target.
Cybersecurity teams also need to make sure that privileges can't easily be escalated in the event credentials are compromised.
In general, cloud infrastructure services are more secure than on-premises IT environments, but the same processes used to make them easily accessible also make them vulnerable to malicious actors.
Cybercriminals today understand well how to employ the various tools and services made available by cloud service providers for their own ends.
In an age where many cloud resources are still provisioned by application developers with little to no appreciation for cybersecurity best practices, there will inevitably be an issue.
The challenge, as always, is to first reduce the odds a cloud service will be compromised by tightening cybersecurity controls and then, in the event there is a breach, having the means to detect and isolate it as quickly as possible.


This Cyber News was published on securityboulevard.com. Publication date: Mon, 29 Jan 2024 21:13:04 +0000


Cyber News related to Datadog Report Surfaces Pair of Sophisticated AWS Attacks

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
GCP to AWS migration: A Comprehensive Guide - Embarking on a GCP to AWS migration journey can be both exciting and challenging. Before we dive into the technical details, let's explore why businesses might consider migrating from GCP to AWS. While GCP offers a range of services, AWS boasts an ...
10 months ago Feeds.dzone.com
CrowdStrike Demonstrates Cloud Security Leadership at AWS re:Invent - CrowdStrike is honored to be named Partner of the Year for several 2023 Geo and Global AWS Partner Awards at Amazon Web Services re:Invent 2023, where we are participating this year as a Diamond Sponsor. These accomplishments demonstrate our ...
1 year ago Crowdstrike.com
Customer compliance and security during the post-quantum cryptographic migration | AWS Security Blog - For example, using the s2n-tls client built with AWS-LC (which supports the quantum-resistant KEMs), you could try connecting to a Secrets Manager endpoint by using a post-quantum TLS policy (for example, PQ-TLS-1-2-2023-12-15) and observe the PQ ...
2 months ago Aws.amazon.com
Shaping the Future of Finance: The Cisco and AWS Collaboration in EMEA - The collaboration between Cisco and Amazon Web Services in the Europe, Middle East, and Africa region-combining each company's market leading strengths-continues to deliver impressive outcomes for our customers, notably within the Financial Services ...
11 months ago Feedpress.me
Datadog Report Surfaces Pair of Sophisticated AWS Attacks - A report published by Datadog suggests that cybercriminal activity aimed specifically at cloud infrastructure services provided by Amazon Web Services are increasing in terms of both sophistication and scale. In one case, a malicious user was able to ...
10 months ago Securityboulevard.com
AWS CloudQuarry: Digging for Secrets in Public AMIs - Money, secrets and mass exploitation: This research unveils a quarry of sensitive data stored in public AMIs. As a best practice, AMI creators should not include credentials, including AWS account credentials, in published AMIs. We wanted to scan all ...
6 months ago Packetstormsecurity.com
CVE-2024-37293 - The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or ...
5 months ago Tenable.com
SentinelLabs Details Discovery of FBot Tool for Compromising Cloud Services - SentinelLabs today published a report identifying a Python-based tool that cybercriminals are using to compromise cloud computing and software-as-a-service platforms. Alex Delamotte, senior threat researcher at SentinelLabs, said FBot is used to take ...
10 months ago Securityboulevard.com
Rundown of Security News from AWS re:Invent 2023 - Amazon Web Services has been unveiling a steady stream of announcements during its AWS re:Invent 2023 event in Las Vegas this week. The focus over the four days, as expected, is on AI as AWS strives to show that its offerings can match - or surpass - ...
1 year ago Darkreading.com
7 Rules to Improve AWS Security and Reduce Unwanted Incidents - Security of your AWS infrastructure is ultimately up to you. As the largest cloud services provider, AWS invests heavily to ensure its cloud environment is secure. Much of AWS security is still left to the customer, especially with regard to managing ...
1 year ago Beyondtrust.com
A Single Cloud Compromise Can Feed an Army of AI Sex Bots – Krebs on Security - “Once initial access was obtained, they exfiltrated cloud credentials and gained access to the cloud environment, where they attempted to access local LLM models hosted by cloud providers: in this instance, a local Claude (v2/v3) LLM model from ...
2 months ago Krebsonsecurity.com
Comprehensive Cloud Monitoring Platforms: Ensuring - Platforms for comprehensive cloud monitoring come into play in this situation. In this article, we will explore the significance of comprehensive cloud monitoring platforms and delve into some leading solutions available in the market today. ...
11 months ago Feeds.dzone.com
A Handbook for Managing Containers on Amazon Web Services - Container management is a way to help you create, govern, and maintain your containers. There are tools and services available that can automate the creation, deployment, maintenance, scaling, and monitoring of application or system containers. In ...
1 year ago Trendmicro.com
What happens when you accidentally leak your AWS API keys? - My situation had no ill consequences, but it could have if I had used my actual email for the script or if my project was bigger and I had used AWS or another cloud provider and hardcoded those credentials. In a later class I did learn how to safely ...
8 months ago Isc.sans.edu
Third Of European Businesses Have Adopted AI, AWS - AWS finds AI already adopted at sizeable number of European businesses, resulting in increased revenues, productivity. An insight into the adoption rate of artificial intelligence within the business community has been offered in a new report from ...
10 months ago Silicon.co.uk
CVE-2023-35165 - AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages `aws-cdk-lib` 2.0.0 until 2.80.0 and `@aws-cdk/aws-eks` 1.57.0 ...
1 year ago
Google Cloud Report Spotlights 2024 Cybersecurity Challenges - As the New Year dawns, a cybersecurity report from Google Cloud suggests that while there are many challenges ahead, it will also become simpler for cybersecurity teams to leverage artificial intelligence to better defend IT environments. John ...
11 months ago Securityboulevard.com
AWS Root vs IAM User: What to Know & When to Use Them - In Amazon Web Services, there are two different privileged accounts. One is defined as Root User and the other is defined as an IAM User. In this blog, I will break down the differences of an AWS Root User versus an IAM account, when to use one ...
1 year ago Beyondtrust.com
What's new in the MSRC Report Abuse Portal and API - The Microsoft Security Response Center has always been at the forefront of addressing cyber threats, privacy issues, and abuse arising from Microsoft Online Services. Building on our commitment, we have introduced several key updates to the Report ...
5 months ago Msrc.microsoft.com
Understanding the Escalating Threat of Web DDoS Tsunami Attacks - Whether it's hacktivists conducting cyberwarfare or ransom-seeking criminals targeting vulnerable firms in financial services, retail, energy, or transportation, a new breed of destructive distributed denial of service attack - the Web DDoS Tsunami - ...
11 months ago Cyberdefensemagazine.com
AWS WAF: Secure CDN, Load Balancers, API Servers - DZone - If you want your application to contain specific validation tokens in headers, you can specify such rules in the WebACL associated with the Application Load Balancer. With AWS WAF, you can create security rules that control bot traffic and block ...
2 months ago Feeds.dzone.com
The State of DDoS Attacks: Evolving Tactics and Targets Businesses Must Be Aware Of - Now, these attacks are becoming more dangerous, targeted, and detrimental as they evolve. As DDoS attacks become more sophisticated, adversaries are able to hone in on the most vulnerable targets, ranging from small- and medium-sized businesses to ...
11 months ago Cyberdefensemagazine.com
Varonis enhances DSPM capabilities with Azure and AWS support - Varonis Systems has expanded capabilities for cloud databases and object storage in AWS and Azure. This release accelerates customers' data security posture management initiatives with deeper risk visibility, advanced threat detection, and automated ...
11 months ago Helpnetsecurity.com
CVE-2021-40830 - The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the ...
3 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)