Mar 25 2025

Cybercriminals Take Advantage Of U.S. Cloud Providers

Category: Cloud computing,Cybercrime,Information Securitydisc7 @ 8:51 am

What if cybercriminals could originate their traffic from within the United States — at will?

Cybercriminals from countries like China and Russia are increasingly exploiting U.S.-based cloud services, such as Amazon Web Services and Microsoft Azure, to conduct attacks against American entities. By utilizing infrastructure within the United States, they can circumvent geolocation and IP-based filtering mechanisms that typically scrutinize foreign-originated malicious traffic. This strategy enables them to host deceptive content, including counterfeit trading applications, gambling platforms, and phishing sites targeting U.S. businesses and citizens.

The agility of cloud services allows these malicious actors to rapidly deploy and dismantle their operations. They can establish a harmful environment, execute their schemes within a short timeframe, and then terminate the setup before detection measures can respond effectively. This transient nature of cloud-based attacks complicates efforts to trace and mitigate such threats. ​

Compounding the issue, cybercriminals often “sublet” their rented cloud infrastructure to other malicious parties. This practice obscures the true origin of attacks and makes it challenging for cloud providers and authorities to identify and hold the actual perpetrators accountable. Multiple malicious activities can emanate from a single public IP address associated with a front company, further hindering effective monitoring and intervention. ​

In response to these evolving tactics, the U.S. Department of Commerce proposed a rule last year requiring cloud providers to collect data from customers to ascertain whether each potential customer is foreign or U.S.-based. This measure aims to enhance the ability to track and prevent the misuse of U.S. cloud infrastructure by foreign cybercriminals. ​

The increasing misuse of cloud services underscores the need for more robust security protocols and vigilant monitoring by cloud providers. Implementing stricter verification processes and enhancing the transparency of customer activities are critical steps in mitigating the exploitation of cloud platforms for cyberattacks.​

Collaboration between cloud service providers, regulatory bodies, and cybersecurity experts is essential to develop comprehensive strategies that address these threats. By sharing information and resources, stakeholders can better detect, prevent, and respond to the sophisticated use of cloud infrastructure by cybercriminals, thereby safeguarding U.S. businesses and citizens from such malicious activities.

For further details, access the article here ​Above the Law

Fundamentals of Cloud and Cloud Security

InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory | ISO 27k Chat bot | Comprehensive vCISO Services | ISMS Services | Security Risk Assessment Services

Tags: Cloud providers, Cybercriminals

Jan 29 2024

Cybercriminals embrace smarter strategies, less effort

Category: Cyber crime,Cybercrimedisc7 @ 8:20 am
Cybercriminals embrace smarter strategies, less effort

2024 is shaping up to be a record-breaking year for data breaches, according to Experian. Despite 2023 being labeled as a ‘successful’ year for malicious actors, the upcoming months may bring forth developments that could further disrupt the cybersecurity landscape.

Supply chain vulnerabilities amplified

There’s no question third-party data breaches have made headlines. With increased data collection, storage, and movement, there are plenty of partners down the supply chain that could be targeted. We predict attacks on systems four, five or six degrees from the source as vendors outsource data and technology solutions who outsource to another expert and so on.

Digital transformation is expanding threat surfaces. SaaS platforms and public cloud infrastructures, are pushing the perimeter out into the internet itself—putting users at greater risk.

When trying to achieve a goal, it’s said that taking small steps can lead to big results. Hackers could apply that same rule. Instead of making drastic moves and trying to reap instant reward such as with ransomware, bad actors may manipulate or alter the tiniest bits of data to stay under the radar such as changing a currency rate or adjusting the coordinates for transportation, which can have a major impact.

It’s widely known who the major players are globally that sponsor attacks and a new country in South Asia may join the international stage with their large population of engineers and programmers. While reportedly having been in the game focusing cyberattacks regionally due to political tensions, this country may broaden their sights in the future.

Plutonium, terbium, silicon wafers — these rare earth materials that are the building blocks for today’s hardware are rapidly becoming the most sought-after resources on the planet. Any disruption to an strained supply chain could send the industry (and the economy that relies on these materials) spinning.

This presents an intriguing opportunity for threat actors seeking mass disruption or nations looking to corner markets.

“Cybercriminals are continually working smarter, not harder,” said Michael Bruemmer, VP, Global Data Breach Resolution at Experian. “They are leveraging new technologies like artificial intelligence and applying their talents in different ways to be more strategic and stay a step ahead. Organizations should not ignore even the slightest security abnormalities and be more aware of what global interests may make them a target.”

Winning from the inside

Like drug cartels, cybergangs are forming sophisticated organizations as joining like-minded actors can be incredibly advantageous. This spans globally with countries potentially helping each other to advance common goals and interests. We’ll see more hackers for trade, crews looking to expand their monopolies, and cyberwarfare alliances.

In 2024, enterprising threat actors may target more publicly traded companies to gain insights to cheat the stock market or plan their attacks and sell their stash before value nosedives. Rather than breach an organization and play in the underground with stolen data, threat actors could leverage data extraction and their talents in plain sight as everyday investors.

“Today, perpetrators can come from anywhere in the world and bring with them robust resources and expertise,” added Jim Steven, Head of Crisis and Data Response Services at Experian Global Data Breach Resolution in the United Kingdom. “There are many global crime syndicates and nation-backed operations, so companies need to invest in sophisticated prevention and response methods to protect themselves.”

Learn how to access the dark web safely and not fall victim to cybercrime

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: Cybercriminals