The Threat of Cloud Malware

Published on February 9, 2022  |  Cyberfort Advisors

We’ve recently talked about everything you need to know about cloud ransomware, but that’s only one slice of the cloud malware pie. Trends in cloud malware are gaining popularity among bad actors, and it’s important to know what those threats are and create solutions for recognizing and preventing these attacks.

Why Are Cloud Malware Incidents Increasing?

Cloud systems are a new and exciting challenge for cybercriminals. Cloud-based systems have exploded in popularity since the onset of the COVID-19 pandemic; they are exposed to the Internet and offer a straightforward, easy-to-learn target for bad actors. And because many teams now operate remotely, using dozens of different mobile and connected devices to get their work done from new and unfamiliar networks (personal connections, public Wi-Fi, etc.), the opportunities for cloud malware to be deployed are also growing.

A Netskope survey found that businesses use an average of nearly 1,200 cloud services today, and about 93 percent of those services are not secured.

Cloud Malware: Common Types

The most common cloud malware attacks are DDoS attacks, hypercall attacks, hypervisor DoS, hyperjacking, and exploiting live migration.

A DDoS (distributed denial-of-service) attack is a form of cloud malware that uses large-scale botnets to overwhelm a network with malicious traffic. This slows down and prevents the cloud computing system from working properly. DDoS attacks often occur in public clouds and, if left undetected, can give attackers the chance to ultimately alter cloud computing behaviors.
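The flood described above is usually first visible as an abrupt change in request rate, either from a single source or spread thinly across many. The following is an added example, not code from the article or from Cyberfort, showing a sliding-window rate check over web access logs that flags both patterns. The log lines are constructed sample data, and the window size and the two thresholds are assumptions chosen for illustration; a real deployment would tune them to the service's normal traffic.

```python
"""Sliding-window request-rate detection for volumetric (DDoS-style) floods.

Added example with constructed sample data; thresholds are illustrative
assumptions, not values from the article.
"""
from collections import defaultdict, deque
from datetime import datetime

WINDOW_SECONDS = 5     # assumption: length of the sliding window
PER_SOURCE_LIMIT = 5   # assumption: more than this many requests from one IP per window
AGGREGATE_LIMIT = 12   # assumption: more than this many requests overall per window

# Constructed access-log lines: <client-ip> <ISO8601 timestamp> "<request>" <status>
# One benign client, one noisy client (6 requests in 3 seconds), then a
# distributed burst: 10 clients in 192.0.2.0/24 each sending 2 requests
# in the same 2 seconds, so no single client crosses PER_SOURCE_LIMIT.
_DISTRIBUTED = "\n".join(
    f'192.0.2.{i} 2022-02-09T10:00:{40 + j} "GET /api/search HTTP/1.1" 200'
    for j in range(2) for i in range(1, 11)
)
SAMPLE_LOG = """\
198.51.100.23 2022-02-09T10:00:00 "GET / HTTP/1.1" 200
203.0.113.7 2022-02-09T10:00:01 "GET /login HTTP/1.1" 200
203.0.113.7 2022-02-09T10:00:01 "GET /login HTTP/1.1" 200
203.0.113.7 2022-02-09T10:00:02 "GET /login HTTP/1.1" 200
203.0.113.7 2022-02-09T10:00:02 "GET /login HTTP/1.1" 200
203.0.113.7 2022-02-09T10:00:03 "GET /login HTTP/1.1" 200
203.0.113.7 2022-02-09T10:00:03 "GET /login HTTP/1.1" 200
198.51.100.23 2022-02-09T10:00:30 "GET /about HTTP/1.1" 200
""" + _DISTRIBUTED + "\n"


def parse_line(line):
    """Return (client_ip, timestamp) from one access-log line."""
    ip, ts, _rest = line.split(" ", 2)
    return ip, datetime.fromisoformat(ts)


def _trim(window, now):
    """Drop timestamps that fell out of the sliding window ending at `now`."""
    while window and (now - window[0]).total_seconds() > WINDOW_SECONDS:
        window.popleft()


def detect_floods(log_text):
    """Scan log lines in order; return flagged sources and aggregate alerts.

    flagged_sources maps an IP to the timestamp at which it first exceeded
    PER_SOURCE_LIMIT within the window. aggregate_alerts lists timestamps at
    which total traffic exceeded AGGREGATE_LIMIT (one alert per window, so a
    sustained flood does not produce an alert per request).
    """
    per_source = defaultdict(deque)
    aggregate = deque()
    flagged_sources = {}
    aggregate_alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ip, ts = parse_line(line)
        window = per_source[ip]
        window.append(ts)
        _trim(window, ts)
        aggregate.append(ts)
        _trim(aggregate, ts)
        if len(window) > PER_SOURCE_LIMIT and ip not in flagged_sources:
            flagged_sources[ip] = ts
        if len(aggregate) > AGGREGATE_LIMIT and (
            not aggregate_alerts
            or (ts - aggregate_alerts[-1]).total_seconds() > WINDOW_SECONDS
        ):
            aggregate_alerts.append(ts)
    return {"flagged_sources": flagged_sources, "aggregate_alerts": aggregate_alerts}


if __name__ == "__main__":
    result = detect_floods(SAMPLE_LOG)
    for ip, when in result["flagged_sources"].items():
        print(f"per-source flood: {ip} exceeded {PER_SOURCE_LIMIT}/{WINDOW_SECONDS}s at {when}")
    for when in result["aggregate_alerts"]:
        print(f"aggregate flood: more than {AGGREGATE_LIMIT}/{WINDOW_SECONDS}s at {when}")
```

The two checks are deliberately separate: the per-source check catches a single misbehaving client, while the aggregate check catches the distributed case where every individual source stays under the per-IP limit. In the sample data only 203.0.113.7 trips the per-source rule, and only the 192.0.2.0/24 burst trips the aggregate rule.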

Hypercall attacks are intrusions in which the attacker masquerades as a guest and uses the hypercall interface to request domain access from the host. From there, the attacker can compromise your virtual machine monitor or host hypervisor and affect the operation of your virtual machines.

Hypervisor DoS is another type of attack that targets the hypervisor. Attackers use it to deny service to hosts, and because hosts are often interconnected, a compromised hypervisor can let the attack spread to other areas and virtual machines within a network.

Hyperjacking takes place when an attacker takes control of the hypervisor using a rootkit (a collection of software, usually malicious, designed to enable computer access that is otherwise not permitted) installed on a virtual machine. A hyperjacking succeeds when the attacker acquires the access needed to take over the entire host, allowing modification of your virtual machines.

Exploiting live migration is the final piece of cloud malware we wanted to talk about here. Migration to the cloud, or from one cloud to another, is like putting fish in a barrel and hoping no one will try to shoot. While a business or individual performs an automated live migration, an attacker who has corrupted the cloud management system can manipulate it to create multiple fake migrations, move those resources to a virtual network or cloud of the attacker's choosing, and even make changes to migrated systems in order to leave them open for a later attack.

Build Your Security System in a CyberFort Cloud

Hackers are getting cleverer in their attacks – so much so that many breaches (cloud-based or not) are discovered and reported years after the initial incident. CyberFort wants to guide your cyber assets to the highest security and compliance standards through a range of data security services, including:

  • data loss prevention
  • file activity monitoring
  • endpoint security
  • user activity monitoring
  • enterprise mobility management

Contact us today to get a network threat assessment.