The Ever-shifting Habits of Cloud-focused Malware Campaigns

Presented at BSidesLV 2023, Aug. 9, 2023, 5 p.m. (Unknown duration)

Cloud-focused malware campaigns have continued to evolve as adoption of cloud technologies increases. After observing a shift away from solely targeting cloud compute resources, and on to serverless environments and containers, it's clear that cloud services are an increasingly attractive target for malware campaigns pursuing a variety of objectives. In this session, Matt will discuss analysis of recent cloud-focused malware campaigns, including those which have diversified from the common objective of cryptojacking. TTPs, including persistence mechanisms and defence evasion techniques specific to cloud environments will be discussed. Matt will also provide an overview of recent trends in proprietary telemetry of cloud attacks, including an increase in the use of cloud services themselves to support malware attacks.

Presenters:

• Matt Muir
  Matt is a security researcher with a passion for UNIX and UNIX-like operating systems. He previously worked as a macOS malware analyst and his background includes experience in the areas of digital forensics, DevOps, and operational cyber security. Matt enjoys technical writing and has published research including pieces on TOR browser forensics, an emerging cloud-focused botnet, and the exploitation of the Log4Shell vulnerability.

Links:

• https://www.bsideslv.org/talks#ZWU3QQ

Similar Presentations:

• DEF CON 30 (2022) / Cloud Threat Actors: No longer cryptojacking for fun and profit
• ToorCon: Seattle (Beta) (2007) / Anycast Cloud Bursting
• Black Hat Europe 2017 / Detecting Threats In The Cloud With The Cloud