In a report by CRN, Amazon Web Services stated that SolarWinds hackers used its Amazon Elastic Compute Cloud to carry out the attack, but the service itself was not infected with malware as the company does not use SolarWinds software. “The actors used EC2 just like they would use any server they could buy or use anywhere (on-premises or in the cloud),” said an AWS spokesperson. Several senators have alleged that AWS’ cloud hosting has been used by the hackers to hide their activities as harmless network traffic and have asked the firm to account for its role in the attack. Karl Robinson, director of Logicata, an AWS managed services provider in London, said that while AWS is responsible for making sure that its services are being used in accordance with the law and the company’s business terms, cloud service providers should also trust their customers because “it’s almost impossible for them to proactively detect and prevent every type of nefarious activity.” The company provided one update to the Senate Intelligence Committee, but the committee is still waiting for a full update on the situation, said Sen. Mark Warner, D-Va.
Jill Aitoro is senior vice president of content strategy for CyberRisk Alliance. She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.
As companies migrate to the cloud, the industry needs a new way to manage data and network security, but security analysts warn that only the most well-heeled enterprises can afford the new zero-trust open approach Oracle touts.
Operators of the Bumblebee malware loader have launched a new campaign involving the exploitation of 4shared Web Distributed Authoring and Versioning services following a two-month hiatus, according to BleepingComputer.
Infrequently used Amazon Web Services products AWS Fargate, AWS Amplify, and Amazon SageMaker, have been targeted by the new Indonesian cloud-native cryptojacking operation AMBERSQUID for cryptomining activities, according to The Hacker News.