Microsoft is warning users of its Azure cloud platform that attackers are using several living-off-the-land techniques to evade security controls, escalate privileges and deploy cryptominers. The software giant has released a threat detection and mitigation strategy for the platform.
Attackers are using Azure LoLBins, that is, preinstalled Windows or Linux binaries that serve legitimate purposes within the Azure platform but are repurposed for attacks. Attackers are increasingly employing stealthier methods to avoid detection, and Microsoft notes that it has observed evidence of a variety of such campaigns. LoLBins are frequently used in combination with fileless attacks, in which attacker payloads surreptitiously persist in the memory of compromised processes and carry out a wide range of malicious activities. Because the tools involved are legitimate binaries, attackers' activities are more likely to remain undetected.
The U.S. Cybersecurity and Infrastructure Security Agency warns that hackers are increasingly targeting a variety of cloud services by waging phishing schemes and brute-force attacks.
CISA reports in an alert issued Wednesday that attacks targeting cloud services have steadily increased since many organizations switched to a largely remote workforce as a result of the COVID-19 pandemic, with employees using a mix of corporate-owned and personal devices to access these services. Attackers are taking advantage of lax security practices, such as weak passwords and workers accessing data from unsecured laptops. Despite the use of security tools, affected organizations typically had weak cyber hygiene practices in place that allowed threat actors to conduct successful attacks, the CISA alert notes.
Location of organizations that Microsoft has identified as having been exploited via second-stage attacks as part of the SolarWinds Orion supply chain attack
Hackers who infiltrated government and business networks via a stealthy software update appear to have genuinely impacted about 50 organizations, says FireEye CEO Kevin Mandia.
Speaking of the supply chain attack that implanted a backdoor in the Orion network monitoring software built by Texas-based SolarWinds, and which was pushed to 18,000 of the firm's customers, Mandia noted that, while many have been referring to it as "potentially the biggest intrusion in our history," the focus of the apparent cyberespionage campaign was much more targeted.
In his first remarks about the massive hacking operation that leveraged a tainted SolarWinds Orion software update, President Donald Trump on Saturday downplayed the seriousness of the incident and contradicted Secretary of State Mike Pompeo, who pointed a finger at Russia in a Friday radio interview.
In a pair of tweets on Saturday, Trump appeared to question whether Russia was involved in the hacking operation and opened up the possibility that China may have played a role. "The Cyber Hack is far greater in the Fake News Media than in actuality," Trump tweeted on Saturday. "Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!)."