Thursday, December 5, 2024
HomeCyber AttackCyber Criminals Exploiting Google Drive, OneDrive to Hide Malicious Traffic

Cyber Criminals Exploiting Google Drive, OneDrive to Hide Malicious Traffic

Published on

SIEM as a Service

Threat actors are actively modifying their TTPs to counter the advanced security mechanisms and tools to accomplish their illicit goals for several malicious purposes.

Hiding malicious traffic on cloud storage platforms is not an entirely new concept, and threat actors are shifting toward this concept.

Security researchers at Insikt recently identified that hackers actively exploit popular and trusted cloud platforms to hide malicious traffic.

- Advertisement - SIEM as a Service

Hiding Malicious Traffic

This strategy boosts data theft efficiency and weakens the security mechanisms and defense implemented. In the case of exploitation of this approach, the APT groups take the lead, and the less advanced groups take the second lead.

This type of exploitation by hackers shows how robust, adaptable defense strategies and security mechanisms are needed to mitigate such evolving attacks.

C2 infrastructure setup (Source – Insikt)

In the report shared with Cyber Security News, researchers noted that limited reporting delays the exact trend analysis. However, the following key things suggest a rising trend in LIS abuse:-

  • Well-known malware’s LIS (Legitimate Internet Services) abuse
  • New strain adoption
  • APT innovation

Besides this, shifting threat tactics reduce the IOC blocking and efficacy of the basic detections. But, the solution for an effective defense system, the following things have to be performed:-

  • Multi-method approach (network, file, log detection)
  • Proactive Internet service assessment
  • Attack simulations

Security analysts analyzed more than 400 malware families, and they identified the following data:- 

  • Use of LIS (25%)
  • Use of multiple LIS (68.5%)
  • Use of Infostealers (37%)

Most abused cloud platforms:-

  • Google Drive
  • OneDrive

Most abused messaging apps:-

  • Telegram
  • Discord

For robust defense, properly learning about all the legitimate and malicious service usage is one of the key factors for comprehensive detection and security.

Recommendations

Here below, we have mentioned all the provided recommendations:-

  • Properly understand service contexts for lasting security.
  • Make sure to enhance nuanced detection. 
  • Implement TLS interception for visibility.
  • Make sure to flag the malicious LIS usage.
  • Deploy proactive threat-hunting techniques.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

One Identity Named Winner of the Coveted Top InfoSec Innovator Awards for 2024

One Identity named Hot Company: Privileged Access Management (PAM) in 12th Cyber Defense Magazine’s...

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

One Identity Named Winner of the Coveted Top InfoSec Innovator Awards for 2024

One Identity named Hot Company: Privileged Access Management (PAM) in 12th Cyber Defense Magazine’s...

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...