Cloud Security, Application security

Web services increasingly leveraged in malware attacks

At least 25% of more than 400 malware families distributed during the past two years exploited legitimate web services to facilitate network infrastructure compromise, with information-stealing payloads showing the highest rate of web service abuse, CyberScoop reports. The most exploited legitimate services were cloud storage platforms, led by Pastebin, followed by messaging apps, particularly Telegram, according to a report from Recorded Future's Insikt Group. Email services and social media sites were also often leveraged in attacks.

Recorded Future had previously noted the use of legitimate web services in cyberattacks by the Russian state-sponsored threat operation APT29, also known as BlueBravo and Nobelium, which leveraged the API of the productivity service Notion to enable GraphicalNeutrino malware deployment. The new report noted that such exploitation would only increase.

"An effective defense against the increasing abuse of legitimate internet services demands a nuanced approach, grounded in a comprehensive and systematic understanding of which and how these services are abused across diverse malware categories and threat actors," said Insikt Group Threat Intelligence Analyst Julian-Ferdinand Vogele.
