Underground cloud services may seem like an oxymoron, but they are quite real, and criminals are using them to speed up attacks and leave very little room for compromised businesses to react.
This is according to a new report from cybersecurity firm Trend Micro, which found terabytes of internal business data and logins - including for Google, Amazon and PayPal - for sale on the dark web.
The logins are sold through access to the cloud logs where they’re stored. As a result, Trend Micro argues, more accounts are monetized and the time from compromise to the account actually being used for nefarious purposes is cut from weeks to days or hours.
Just as businesses enjoy the speed and scalability of cloud services, so do criminals; more computing power and bandwidth allows them to optimize their operations.
Criminals that buy the logs of cloud-based stolen data usually use the data for the purposes of secondary infection, with ransomware being one of the more popular choices.
The report argues that this is a new trend that may gain even more popularity in the future, and even create a “new type of cybercriminal”: an expert in data mining that uses machine learning to enhance pre-processing and extraction of information to maximize usefulness to potential buyers.
Trend Micro believes criminals will focus on standardizing their services and pricing.