Krebs on Security: Infrastructure Laundering: Blending in with the Cloud

Source URL: https://krebsonsecurity.com/2025/01/infrastructure-laundering-blending-in-with-the-cloud/
Source: Krebs on Security
Title: Infrastructure Laundering: Blending in with the Cloud

Feedly Summary: In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit — a sprawling network tied to Chinese organized crime gangs and aptly named “Funnull” — highlights a persistent whack-a-mole problem facing cloud services.

AI Summary and Description: Yes

Summary: The text discusses the emerging trend of “infrastructure laundering,” particularly how cybercriminals are using U.S. cloud providers like Amazon AWS and Microsoft Azure to conceal malicious activities. It highlights the challenges facing these cloud services in combating cybercrime and emphasizes the need for stricter internal policies to prevent misuse.

Detailed Description:

The article outlines significant security and compliance issues in cloud computing, particularly related to the practices of cybercriminals using U.S. cloud infrastructure to mask their activities.

Key points include:

– **Infrastructure Laundering**: The practice where cybercriminals channel malicious traffic through legitimate cloud service providers, making it difficult for defenders to block.
– **Research Findings**: Investigations by Silent Push uncovered a network named “Funnull,” linked to Chinese organized crime, facilitating various scams and frauds through major cloud platforms.
  – Funnull’s affiliations with gambling activity in Macau and connections to North Korean money laundering highlight the serious implications of such cyber activities.

– **Policing Challenges**: The inherent difficulty for cloud providers to monitor and manage the vast volume and variety of traffic that flows through their networks.
  – Cybercriminals deliberately exploit the shared infrastructure of cloud services, so their traffic arrives from reputable provider IP addresses that defenders cannot block wholesale without also blocking legitimate tenants, which hinders detection.
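Because the laundered traffic comes from provider address space that cannot simply be blocklisted, one defensive angle is to look at behaviour rather than origin: a hostname that hops across an unusually large number of cloud-provider addresses in a short window stands out even when each individual address looks clean. The following Python snippet is an added example written for this summary, not code from Krebs on Security, Silent Push, or any cloud provider. It scores each domain in a small set of constructed DNS-resolution records by how many distinct cloud IPs it has used and how quickly it cycles through them; the provider ranges, domain names, thresholds, and log lines are all constructed stand-ins (RFC 5737 documentation prefixes, not real AWS or Azure ranges).

```python
"""Flag domains that churn through many cloud-provider IPs in a short window.

Heuristic detector for the 'infrastructure laundering' pattern: instead of
blocking cloud ranges wholesale (which hits legitimate tenants), look for
hostnames that hop across unusually many addresses inside provider ranges.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed stand-in ranges (RFC 5737 documentation space), NOT real
# AWS/Azure prefixes. A real deployment would load the providers' published
# IP range feeds here.
CLOUD_RANGES = {
    "cloud-a": [ipaddress.ip_network("203.0.113.0/24")],
    "cloud-b": [ipaddress.ip_network("198.51.100.0/24")],
}


def provider_for(ip: str):
    """Return the provider label an IP falls under, or None if not cloud-hosted."""
    addr = ipaddress.ip_address(ip)
    for name, nets in CLOUD_RANGES.items():
        if any(addr in net for net in nets):
            return name
    return None


def parse_records(lines):
    """Parse 'timestamp domain resolved_ip' lines into (datetime, domain, ip)."""
    out = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        ts, domain, ip = line.split()
        out.append((datetime.fromisoformat(ts), domain.lower(), ip))
    return out


def score_domains(records, window=timedelta(days=7)):
    """Per domain: distinct cloud IPs, providers used, and cloud IPs per day
    over the observations that fall within `window` of the latest sighting."""
    seen = defaultdict(list)
    for ts, domain, ip in records:
        seen[domain].append((ts, ip))
    results = {}
    for domain, obs in seen.items():
        obs.sort()
        latest = obs[-1][0]
        recent = [(ts, ip) for ts, ip in obs if latest - ts <= window]
        cloud_ips = {ip for _, ip in recent if provider_for(ip)}
        providers = {provider_for(ip) for ip in cloud_ips}
        # Floor the span at one day so a burst of IPs on a single day still
        # yields a finite, high churn rate rather than a division by zero.
        span_days = max((recent[-1][0] - recent[0][0]).total_seconds() / 86400, 1.0)
        results[domain] = {
            "distinct_cloud_ips": len(cloud_ips),
            "providers": sorted(providers),
            "ips_per_day": round(len(cloud_ips) / span_days, 2),
        }
    return results


def flag_churners(results, min_ips=5, min_per_day=1.0):
    """Domains exceeding both thresholds (hypothetical tuning values)."""
    return sorted(
        d for d, r in results.items()
        if r["distinct_cloud_ips"] >= min_ips and r["ips_per_day"] >= min_per_day
    )


# Constructed sample: a stable site, a site that moved once, and a lure that
# cycles through seven cloud addresses across two providers in 2.5 days.
SAMPLE = """
# timestamp domain resolved_ip
2025-01-20T00:00:00 shop.example 203.0.113.10
2025-01-21T00:00:00 shop.example 203.0.113.10
2025-01-24T00:00:00 shop.example 198.51.100.7
2025-01-20T00:00:00 lure.example 203.0.113.11
2025-01-20T06:00:00 lure.example 203.0.113.12
2025-01-20T12:00:00 lure.example 198.51.100.3
2025-01-21T00:00:00 lure.example 198.51.100.4
2025-01-21T12:00:00 lure.example 203.0.113.13
2025-01-22T00:00:00 lure.example 198.51.100.5
2025-01-22T12:00:00 lure.example 203.0.113.14
2025-01-20T00:00:00 static.example 192.0.2.50
2025-01-25T00:00:00 static.example 192.0.2.50
"""

if __name__ == "__main__":
    scores = score_domains(parse_records(SAMPLE.splitlines()))
    for domain, score in scores.items():
        print(domain, score)
    print("flagged:", flag_churners(scores))  # flagged: ['lure.example']
```

The thresholds are illustrative; in practice they would be tuned against a baseline of legitimate tenants that also use multiple providers (CDN failover, blue/green deployments), and the provider table would be fed from the published cloud range lists rather than hard-coded.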

– **Response from Cloud Providers**: Amazon and Microsoft assert their commitment to combating abuse on their platforms. Amazon acknowledged suspicious activities linked to Funnull, stating they took measures to suspend accounts and investigate abuses.
  – Both companies encourage the reporting of suspicious activity to enhance compliance and safeguard against malicious use.

– **Legislative Considerations**: A proposed U.S. Department of Commerce rule would require cloud providers to enforce stricter customer identification protocols to prevent foreign entities from leveraging IaaS services for potentially harmful activities.
  – Concerns are raised about the competitive disadvantages this could impose on U.S. cloud providers if other nations do not adopt similar requirements.

Overall, the text underscores the complexity of cloud security when criminal organizations adeptly use legitimate infrastructure, and the ongoing compliance challenge of preventing malicious activity within such environments. The pressing need for updated policies is framed as a strategic recommendation: cloud providers must defend against exploitation effectively while maintaining lawful customer engagement.

– **Recommendations for Cloud Providers**:
  – Implement internal policies to track and limit the use of IP resources to known entities.
  – Establish robust mechanisms for suspicious activity reporting and rapid response.
  – Collaborate with governments and industry peers to enhance overall security protocols.

This analysis serves as a critical reminder for professionals in security, compliance, and cloud service governance regarding the evolving nature of cyber threats and the necessity for stringent regulatory frameworks.