Cloud Security, Ransomware

Microsoft Azure tools increasingly leveraged in ransomware attacks

September 28, 2022, Brazil. In this photo illustration, the Microsoft Azure logo is seen displayed on a smartphone

More attacks by the Rhysida and BianLian ransomware operations have exploited Microsoft's Azure Storage Explorer and AzCopy utilities to efficiently exfiltrate troves of data from compromised networks while better evading detection by firewalls and security tools, BleepingComputer reports.

After installing dependencies and upgrading .NET to version 8, ransomware gangs leveraged several Azure Storage Explorer instances to accelerate uploads of stolen files to Azure Blob storage before being transferred to their storage, according to a report from modePUSH. Further analysis revealed that default 'Info' level logging had been activated in both Storage Explorer and AzCopy, allowing the creation of a log file that detailed stolen data and possibly deployed payloads. Such findings, which highlight ransomware operations' mounting data exfiltration efforts, should prompt organizations to strengthen AzCopy execution and Azure Blob Storage endpoint traffic tracking, said researchers. Organizations have also been urged to enable 'Logout on Exit' for automated app signouts to curb compromise.

An In-Depth Guide to Cloud Security

Get essential knowledge and practical strategies to fortify your cloud security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

You can skip this ad in 5 seconds