Cloud Atlas - Emerging Threat

December 19, 2014 | Garrett Gross

Much like the recent Sony breach, we are seeing a lot of techniques used in targeted state-sponsored attacks showing up in the wild. It seems like these high-profile and/or government-funded hacks might be laying the blueprint for copycats to use these techniques in other state attacks or even in the private sector. One of these is an emerging threat that some are referring to as “Cloud Atlas”. The attackers (at this point) are targeting government entities around the world, with the most recent attacks focused on embassies.

The method used here is a conventional one: first, snare a victim with a spearphishing attack to compromise systems with known vulnerabilities. Then, install a remote access tool that allows the attacker to control the machine, exfiltrate data, or do similarly nefarious things like erase all data on the machine and prevent it from booting back up. This opens a huge hole in your network, exposing your private information (as well as your clients’) and opening you up to future attacks.

One distinguishing factor here is that the attackers are leveraging a connection to a known cloud services provider as their Command & Control (C&C) mechanism.

Our Labs team has already pushed out correlation rules and IDS signatures for AlienVault Unified Security Management (USM) to detect this threat and alert users of:

  • Usage of the cloud provider, CloudMe, inside your network (Environmental Awareness)
  • Existence of the C&C communication and/or infrastructure that attackers are using
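
The first alert above (CloudMe usage inside your network) comes down to matching observed hostnames against the provider's domain and reporting which internal hosts are involved. The sketch below is an added example, not AlienVault's correlation rule or IDS signature; the domain `cloudme.com`, the DNS log format and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Assumption: CloudMe is reached under this registered domain. The page names
# the provider but lists no hostnames; replace with your own intelligence.
WATCHED_DOMAINS = {"cloudme.com"}

# Constructed sample DNS query log: "<ISO timestamp> <client IP> <queried name>"
SAMPLE_LOG = """\
2014-12-19T09:00:01 10.0.0.15 www.cloudme.com
2014-12-19T09:00:05 10.0.0.15 sync.CloudMe.com.
2014-12-19T09:01:10 10.0.0.22 notcloudme.com
2014-12-19T09:02:30 10.0.0.22 cloudme.com.example.net
2014-12-19T09:03:00 10.0.0.31 cloudme.com
2014-12-19T11:45:12 10.0.0.15 www.cloudme.com
malformed line
"""

def is_watched(name, watched=WATCHED_DOMAINS):
    """True if name is a watched domain or a subdomain of one.

    Matching on a label boundary avoids false hits on lookalikes such as
    'notcloudme.com' or 'cloudme.com.example.net'.
    """
    host = name.strip().rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in watched)

def summarize(log_text):
    """Per internal client: lookup count, first/last seen, names queried."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "names": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        client, name = parts[1], parts[2]
        if not is_watched(name):
            continue
        h = hits[client]
        h["count"] += 1
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
        h["names"].add(name.rstrip(".").lower())
    return dict(hits)

if __name__ == "__main__":
    for client, h in sorted(summarize(SAMPLE_LOG).items()):
        print(client, h["count"], h["first"], h["last"], sorted(h["names"]))
```

A hit shows that a host uses the provider, not that it is compromised; the per-host first and last seen times give an analyst a starting point for deciding whether the usage is expected.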

See details on the threat intelligence update here.
And, here are some additional resources to learn more about this threat:

About the Author: Garrett Gross

Garrett Gross has always had an insatiable appetite for technology and information security, as well as an underlying curiosity about how it all works. Garrett has over 15 years of professional experience in information technology, filling several roles: systems administration, network engineering, product marketing, technical support, and helpdesk. In his current role in field enablement, he uses his experience to help managed security service providers be successful in evangelizing and operationalizing AlienVault USM.
