The cybersecurity company AppRiver found that Azure Cloud Services continues to host security problems ranging from phishing templates to malware and command-and-control services, and the research traces the root cause to Microsoft’s Azure infrastructure. AppRiver said that, according to earlier reports, two Azure-related malware attacks occurred in May.
In the same month, nearly 200 websites hosted on the Azure App Services platform were found to be using that inexpensive web hosting to keep scams running. A new form of phishing campaign also appeared, in which the attacker disguises the phishing content as an Office 365 warning email.
The latest findings from security researchers MalwareHunterTeam and JayTHL indicate that these events are not isolated attacks. Sample analysis shows that the malware and other samples uploaded later are still present in Microsoft’s Azure infrastructure.
interesting MS-hosted mal f/b @malwrhunterteam
in a SOAP-format set of messages.
u/a Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.5485)@JAMESWT_MHT pic.twitter.com/rV0wzpulgW
— JTHL (@JayTHL) May 11, 2019
David Pickett of AppRiver said, “it’s evident that Azure is not currently detecting the malicious software residing on Microsoft’s servers.” While researching the attack samples, Pickett found that one of them, ‘searchfile.exe’, had been indexed by the VirusTotal scanning service on April 26, and that Windows Defender detected it when a user tried to download the malicious file to a computer.
Researcher JayTHL said that the sample being examined appears to be a simple agent that runs any commands it receives from the command-and-control server. If the attacker’s ID numbers are assigned sequentially, that would mean up to 90 computers can be controlled.
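A defender-side hunting check built from the details above: the .NET SOAP client User-Agent quoted in the tweet and the SOAP-style command polling that JayTHL describes. This is an added example, not code from AppRiver or the researchers; it assumes a simplified proxy log layout and the Azure App Service default hostname suffix, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit

# User-Agent from the tweet above. It belongs to the .NET web-services stack and
# is also sent by plenty of legitimate software, so a hit is a hunting lead only.
DOTNET_SOAP_UA = "MS Web Services Client Protocol"

# Azure App Service default hostname suffix (assumption for this example).
APP_SERVICE_SUFFIX = ".azurewebsites.net"

# Constructed proxy log lines: timestamp client_ip method url status user_agent
SAMPLE_LOG = """\
1557570001 10.0.0.12 POST https://example-hosted.azurewebsites.net/cmd.asmx 200 Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.5485)
1557570002 10.0.0.12 POST https://example-hosted.azurewebsites.net/cmd.asmx 200 Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.5485)
1557570003 10.0.0.19 GET https://update.example.com/check 200 Mozilla/5.0 (Windows NT 10.0) Firefox/66.0
1557570004 10.0.0.23 POST https://erp.example.internal/service.asmx 200 Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.42000)
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (.*)$")

def parse_line(line):
    """Split one log line into a dict; return None for lines that do not fit."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, client, method, url, status, ua = m.groups()
    return {"ts": ts, "client": client, "method": method,
            "url": url, "status": int(status), "ua": ua}

def is_suspect(rec):
    """SOAP-style POST from the .NET web-services stack to an App Service host."""
    host = urlsplit(rec["url"]).hostname or ""
    return (rec["method"] == "POST"
            and DOTNET_SOAP_UA in rec["ua"]
            and host.endswith(APP_SERVICE_SUFFIX))

def hunt(log_text):
    """Return {client_ip: {host: count}} for records matching is_suspect."""
    hits = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_suspect(rec):
            host = urlsplit(rec["url"]).hostname
            per_client = hits.setdefault(rec["client"], {})
            per_client[host] = per_client.get(host, 0) + 1
    return hits

if __name__ == "__main__":
    for client, hosts in hunt(SAMPLE_LOG).items():
        for host, n in hosts.items():
            print(f"{client} -> {host}: {n} SOAP POST(s) with .NET client UA")
```

Repeated POSTs from one client to the same App Service host with this User-Agent are the beaconing pattern worth reviewing; the internal ERP line shows why the host check matters.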