
    Microsoft Sounds Alarm on Weaponized Virtual Machines on the Cloud

    By Pedro Hernandez - August 23, 2017

      Microsoft has some bad news for businesses hoping to find a safe haven from cyber-attackers in the cloud. IT departments can now add weaponized virtual machines on the cloud to their ever-expanding list of cybersecurity concerns.

      The Redmond, Wash., software giant recently released its Security Intelligence Report Volume 22, compiled using threat data gathered during the first quarter of 2017 (Q1). Unsurprisingly, attackers are following their targets to where the action is, and these days, that increasingly means the cloud.

      “In a cloud weaponization threat scenario, an attacker establishes a foothold within a cloud infrastructure by compromising and taking control of one or more virtual machines,” explained the report. “The attacker can then use these virtual machines to launch attacks, including brute force attacks against other virtual machines, spam campaigns that can be used for email phishing attacks, reconnaissance such as port scanning to identify new attack targets, and other malicious activities.”

      During Q1, Microsoft’s Azure Security Center service witnessed a number of outbound attack attempts, chiefly efforts to establish communications with malicious IP addresses (51 percent) and RDP (Remote Desktop Protocol) brute force attempts. Attackers also tried to use cloud-based virtual machines to spew spam (19 percent), embark on port-scanning expeditions (3.7 percent) and try to brute force their way past SSH (Secure Shell) protections.

      When virtual machines are compromised, they often “phone home” to command-and-control servers. The vast majority of those connection attempts are made to malicious IP addresses originating in China (89 percent), followed by the United States (4.2 percent).

      In terms of inbound attacks on Microsoft Azure, most stem from China (35.1 percent) and the United States (32.5 percent). Korea is a distant third with 3.1 percent.

      Not content to lock up users’ PCs with ransomware, attackers are increasingly targeting both personal and business cloud accounts, the company’s security researchers warned.

      “There was a 300 percent increase in Microsoft cloud-based user accounts attacked year-over-year (Q1-2016 to Q1-2017),” they stated in a Microsoft Secure Blog post, underscoring the need for both businesses and individuals to practice strong password habits. “The number of account sign-ins attempted from malicious IP addresses has increased by 44 percent year over year in Q1-2017.”

      Microsoft advises enterprise IT departments to implement risk-based conditional access policies, whereby they can restrict access to trusted devices and/or IP addresses, mitigating the risk of weak or compromised credentials.

      Ransomware continues to be a problem, although it should be noted that the threat intelligence referenced by the latest Security Intelligence Report predates this spring’s massive ransomware outbreaks. In May, the WannaCry ransomware, which latched onto exploits allegedly stolen from the U.S. National Security Agency (NSA), spread like wildfire, affecting the IT systems of hospitals in the U.K. and businesses worldwide.

      In March 2017, with a ransomware encounter rate of 0.17 percent, users in the Czech Republic were most likely to run into the insidious form of malware, followed by Korea (0.15 percent) and Italy (0.14 percent). Upcoming editions of Microsoft’s report may reveal if WannaCry and other recent high-profile ransomware attacks reshuffle those rankings.

      Pedro Hernandez
      Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the Internet.com network of IT-related websites and as the Green IT curator for GigaOM Pro.