Clouds Of Logs: An Evolving Malware Data Collective Marketplace

Cybersecurity intelligence firm KELA has compiled a report on the rise of info-stealer variants and malware-as-a-service (MaaS) operations, which grew substantially in the first quarter of 2023, raising the associated risk for organizations and individuals.

KELA’s report highlights the evolving MaaS marketplace referred to as “Clouds of Logs,” focusing on threat actors’ subscription-based access to what is described as private, cloud-hosted log collections from their info-stealing malware operations.

2023 Emerging Info Stealers:

  • Titan: Appeared on Russian-speaking hacker forums in November 2022. A Go-based info-stealer targeting 20 web browsers.
  • LummaC2: Targets over 70 browsers, cryptocurrency wallets, and two-factor authentication extensions.
  • Stealc: Analyzed by SEKOIA in February 2023. A lightweight stealer that targets over 22 web browsers, 75 plugins, and 25 desktop wallets.
  • WhiteSnake: Attacks Windows and Linux. First seen on hacker forums in February 2023 as an email, Telegram, Steam, and cryptocurrency wallet stealer.

Clouds of Logs is presumably a safer alternative to automated log markets, created to give data sellers a simpler way to monetize their activity without the involvement of middlemen.

KELA believes that the MaaS market will preserve its popularity this year, so the use of info-stealers will continue to be substantial.

Dave Ratner, CEO of HYAS, had this to say:

   “With the increase in info-stealing malware, visibility into the communication patterns coming out of an enterprise is increasingly important, across both corporate and production environments, to ensure that anomalous outbound communications are identified, inspected, and shut down quickly and efficiently. Other than preventing the malware from breaching the environment in the first place, this can be the best protection for an organization and drive a true business resiliency strategy.”

This is another one of those cases where the bad guys are quickly evolving to make your life miserable. You need to take action so that you’re not a victim, doing everything that you can to make sure that your IT environment is safe from these threat actors.
