
    Microsoft Sounds Alarm on Weaponized Virtual Machines on the Cloud

    By PEDRO HERNANDEZ - August 23, 2017

      Microsoft has some bad news for businesses hoping to find a safe haven from cyber-attackers in the cloud. IT departments can now add weaponized virtual machines on the cloud to their ever-expanding list of cybersecurity concerns.

      The Redmond, Wash., software giant recently released its Security Intelligence Report Volume 22, compiled using threat data gathered during the first quarter of 2017 (Q1). Unsurprisingly, attackers are following their targets to where the action is, and these days, that increasingly means the cloud.

      “In a cloud weaponization threat scenario, an attacker establishes a foothold within a cloud infrastructure by compromising and taking control of one or more virtual machines,” explained the report. “The attacker can then use these virtual machines to launch attacks, including brute force attacks against other virtual machines, spam campaigns that can be used for email phishing attacks, reconnaissance such as port scanning to identify new attack targets, and other malicious activities.”

      During Q1, Microsoft’s Azure Security Center service witnessed a number of outbound attack attempts, chiefly efforts to establish communications with malicious IP addresses (51 percent) and RDP (Remote Desktop Protocol) brute force attempts. Attackers also tried to use cloud-based virtual machines to spew spam (19 percent), embark on port-scanning expeditions (3.7 percent) and try to brute force their way past SSH (Secure Shell) protections.

      When virtual machines are compromised, they often “phone home” to command-and-control servers. The vast majority of those connection attempts are made to malicious IP addresses originating in China (89 percent), followed by the United States (4.2 percent).

      In terms of inbound attacks on Microsoft Azure, most stem from China (35.1 percent) and the United States (32.5 percent). Korea is a distant third with 3.1 percent.

      Not content to lock up users’ PCs with ransomware, attackers are increasingly targeting both personal and business cloud accounts, the company’s security researchers warned.

      “There was a 300 percent increase in Microsoft cloud-based user accounts attacked year-over-year (Q1-2016 to Q1-2017),” they stated in a Microsoft Secure Blog post, underscoring the need for both businesses and individuals to practice strong password habits. “The number of account sign-ins attempted from malicious IP addresses has increased by 44 percent year over year in Q1-2017.”

      Microsoft advises enterprise IT departments to implement risk-based conditional access policies, whereby they can restrict access to trusted devices and/or IP addresses, mitigating the risk of weak or compromised credentials.

      Ransomware continues to be a problem, although it should be noted that the threat intelligence referenced by the latest Security Intelligence Report predates this spring’s massive ransomware outbreaks. In May, the WannaCry ransomware, which latched onto exploits allegedly stolen from the U.S. National Security Agency (NSA), spread like wildfire, affecting the IT systems of hospitals in the U.K. and businesses worldwide.

      In March 2017, with a ransomware encounter rate of 0.17 percent, users in the Czech Republic were most likely to run into the insidious form of malware, followed by Korea (0.15 percent) and Italy (0.14 percent). Upcoming editions of Microsoft’s report may reveal whether WannaCry and other recent high-profile ransomware attacks reshuffle those rankings.
