This dangerous new malware wants to target your cloud systems


SentinelLabs researchers have discovered a new set of tools that cybercriminals are using to break into email and web hosting services.

The malware toolkit, called "AlienFox", is described as "highly modular" and receives regular updates. Most of the tools in the kit are open source, and with the rate at which they are updated, the researchers concluded that developers are becoming "increasingly sophisticated."

According to the SentinelLabs report, hackers use AlienFox in Telegram groups, claiming it can be used to compromise misconfigured hosts on cloud platforms and steal sensitive data.

Abuse of digitization platforms

"AlienFox's tools facilitate attacks on minimal services that lack the necessary resources for mining," the researchers said in their report. "By analyzing the tools and the output of the tools, we found that actors use AlienFox to identify and collect service credentials from misconfigured or exposed services, additional services, loss of customer trust, and remediation costs."

To generate a list of misconfigured hosts, the toolkit uses security analysis platforms, such as LeakIX or SecurityTrails. It then uses various scripts to extract sensitive information, such as API keys and secrets from configuration files, the researchers explained. Some of the versions analyzed for the report were able to establish AWS account persistence and elevate privileges, as well as collect sending quotas and automate spam campaigns across victim accounts and services.
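For defenders, the behaviours described above (sending-quota lookups plus IAM changes from the same credentials) can be hunted for in CloudTrail. The sketch below is an added example, not code from the SentinelLabs report or from the toolkit; the chosen event names, the one-hour window and the sample records are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed CloudTrail event names for the behaviours the report describes; tune to your trail.
QUOTA_CALLS = {("ses.amazonaws.com", "GetSendQuota")}
IAM_CALLS = {("iam.amazonaws.com", n) for n in
             ("CreateUser", "CreateAccessKey", "CreateLoginProfile",
              "AttachUserPolicy", "PutUserPolicy")}
WINDOW = timedelta(hours=1)  # assumed correlation window

def parse_time(value):
    # CloudTrail eventTime is ISO 8601 UTC, e.g. 2023-04-01T10:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def flag_access_keys(events, window=WINDOW):
    """Return {access_key_id: [event names]} for keys that both query the SES
    sending quota and change IAM users or policies within `window`."""
    by_key = defaultdict(list)
    for ev in events:
        key = ev.get("userIdentity", {}).get("accessKeyId")
        call = (ev.get("eventSource"), ev.get("eventName"))
        if key and (call in QUOTA_CALLS or call in IAM_CALLS):
            by_key[key].append((parse_time(ev["eventTime"]), call))
    flagged = {}
    for key, calls in by_key.items():
        calls.sort()  # chronological order
        quota = [t for t, c in calls if c in QUOTA_CALLS]
        iam = [t for t, c in calls if c in IAM_CALLS]
        if any(abs(q - i) <= window for q in quota for i in iam):
            flagged[key] = [c[1] for _, c in calls]
    return flagged

def record(time, source, name, key):
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "userIdentity": {"accessKeyId": key}}

# Constructed sample records (not from the report); key ids are placeholders.
SAMPLE = [
    record("2023-04-01T10:00:00Z", "ses.amazonaws.com", "GetSendQuota", "AKIAEXAMPLEAAAA"),
    record("2023-04-01T10:02:10Z", "iam.amazonaws.com", "CreateUser", "AKIAEXAMPLEAAAA"),
    record("2023-04-01T10:02:15Z", "iam.amazonaws.com", "AttachUserPolicy", "AKIAEXAMPLEAAAA"),
    record("2023-04-01T11:00:00Z", "ses.amazonaws.com", "GetSendQuota", "AKIAEXAMPLEBBBB"),
    record("2023-04-01T09:00:00Z", "iam.amazonaws.com", "CreateUser", "AKIAEXAMPLECCCC"),
    record("2023-04-01T12:00:00Z", "s3.amazonaws.com", "ListBuckets", "AKIAEXAMPLEAAAA"),
]

if __name__ == "__main__":
    for key, names in flag_access_keys(SAMPLE).items():
        print(key, "->", ", ".join(names))
```

Only the key that combines both behaviours is reported; a quota lookup or an IAM change on its own is left alone to keep the alert volume manageable.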

Until now, attacks against cloud-based services have mainly been limited to cryptominers. Threat actors would use compromised cloud servers to run XMRig or similar cryptocurrency miners, generating tokens without having to pay for electricity, internet, or computing power. With AlienFox, SentinelLabs claims, opportunistic attacks in the cloud are no longer limited to cryptomining.

“For victims, a compromise can result in additional service costs, loss of customer trust, and remediation costs,” the researchers concluded.

Via: The Registry