Not just cats and memes: our favorite services are a new field for hacker fun

Intruders also sit on social networks... but not to chat.

Experts have long been monitoring the actions of cybercriminals who abuse legitimate Internet services. Hackers, in turn, continue to invent new ways to integrate into popular applications in order to find more victims and stay in the shadows.

A recent analysis by Recorded Future found that at least a quarter of the 400 malware types abused legitimate platforms between 2021 and 2022. Maintaining network protection is becoming increasingly difficult because malicious traffic is hard to distinguish from normal traffic.

Cloud storage, instant messengers, mail, and social networks are abused most often. Notable examples are Pastebin, Google Drive, Dropbox, and Telegram. The latter is particularly popular among both hackers and victims. The app has a simple API and is difficult to block.

Infostealers (Trojans for collecting information) use legitimate services more often than other malware. For example, the APT29 group uses Trello and Notion to manage its software and exfiltrate information. Previously, the same group abused Google Drive and Dropbox.

During the analysis, it turned out that hackers used the Notion API with the GraphicalNeutrino program to gain remote access to infected devices. This made it possible not only to upload additional malicious files, but also to use a local database to store stolen information about victims and other useful information.

According to the researchers, the attackers' interest in such platforms will increase. Small groups take their cue from experienced cybercriminals and government hackers.

Especially troubling is the fact that, even though they know about the abuse of their services, some companies refuse to take action. For example, Steam said that it is more important for them to maintain the ability to freely exchange information between users.

Experts offer a comprehensive approach to protecting against such threats. This includes careful monitoring of traffic, applying machine learning techniques, and collaborating with incident response services.

In addition, users should be made aware of the potential risks and of the possibilities of social engineering.

Some experts suggest introducing strict rules similar to the GDPR (General Data Protection Regulation) to encourage companies to take a more responsible approach. However, it is still unclear how effective such measures will be.
 