Identification and Analysis of Emerging Propagation Techniques Utilized by Malware Targeting Cloud Environments
With the significant shift towards Cloud computing, the volume of critical workloads in Cloud environments has reached unprecedented levels. However, this transition has also drawn the attention of attackers targeting these workloads, with cloud attacks at an all-time high. Attackers exploit these workloads by finding low-hanging entry points and readily available exploits. These entry points include misconfigured cloud services, exposed APIs, and weak authentication mechanisms, which are exploited to establish a foothold within the victim’s cloud environment. Once inside, attackers utilize various techniques to maintain persistence. One of the most common methods involves leveraging persistent data storage within the victim’s cloud environment. By embedding malware into data repositories, containers, or virtual machines, attackers aim to propagate malicious artifacts throughout the cloud environment. This raises the question: How are these attacks continuing to succeed, especially when Cloud providers are consistently enhancing their Cloud-native security services?
This study aims to address the aforementioned question by conducting experiments involving two of the most prevalent cloud malware families, AndroxGh0st and Legion, and the cloud services targeted by them. The primary objective is to identify and analyze the propagation techniques leveraged by prevalent cloud malware while evaluating the effectiveness of existing safeguards against these threats. Furthermore, the study seeks to propose recommendations for enhancing the efficacy of cloud-native services in mitigating the propagation of modern malware attacks within cloud environments.
History
Date
2025-05-05
Degree Type
- Master's Thesis
Thesis Department
- Information Networking Institute
Degree Name
- Master of Science (MS)