“Infrastructure Laundering” Exploits AWS and Azure to Launch Attacks

Researchers have identified a new cybercrime tactic, which they’ve dubbed “Infrastructure Laundering,” that exploits the mainstream providers Amazon Web Services and Microsoft Azure. Threat actors operating “hosting companies” rent IP addresses from mainstream hosting providers and map them to their criminal clients’ websites. You can read the details of this new threat here:

 https://www.silentpush.com/blog/infrastructure-laundering/

Erich Kron, security awareness advocate at cybersecurity company KnowBe4, commented:

“It’s no secret that phishing and other scam websites don’t stay online very long, and this is a clever way to acquire the IP address needed to host credential stealing, malware spreading, or other scam websites with little or no risk and very low cost. By utilizing major providers, the bad actors make it much tougher for organizations to block IP ranges, because those major providers may also be providing legitimate IP addresses for important web services. This precludes the ability to block large chunks of addresses easily.

Because the bad actors are not likely to set up an account using their own information, they’re liable to rely on stolen accounts to acquire these new IP addresses. Because many of the account takeovers involve the use of stolen or cracked credentials, it makes the need for the use of a phishing-resistant Multi-Factor Authentication (MFA) technology critical, especially on any accounts with elevated permissions.

Organizations should review the accounts with access, audit transactions, and educate people on how to spot potential malicious activity within their cloud accounts.”

I strongly suggest that you do read it, as it is eye-opening, even for someone like yours truly who lives this stuff on a daily basis.
