An Analysis Of Cloud Infrastructure Utilization In Malware Command And Control

In recent years, malware authors have increasingly favored using legitimate cloud platforms such as Telegram, Discord, Google Drive, and Dropbox as Command and Control (C2) channels. This tactic allows malware to evade traditional detection mechanisms and hide in normal user traffic.

In this paper, we analyze real-world malware campaigns that use cloud infrastructure as a control channel, focusing on how cloud APIs are used to steal data, download payloads, and send remote commands. We will present techniques for masking and evading detection, as well as why many current security products fail to detect this method.

In addition, we will present practical methods for detecting and mitigating these threats, including behavioral monitoring, anomaly detection, and threat hunting via cloud telemetry.

This article aims to raise awareness among users and enterprises of this growing trend and provide specific strategies to defend against malware that exploits cloud infrastructure.

Tran Thi Hieu Ngan – CMC Cyber Security

Tran Thi Hieu Ngan is a Malware Researcher who began her career as a malware research intern in her third year at university. After earning her bachelor’s degree, she pursued a professional path in malware research. Her work focuses on malware analysis, developing advanced detection and remediation technologies, and hunting advanced persistent threats (APT). She is committed to continuous professional development, building the expertise required to proactively safeguard against emerging cyber risks.

Bui Huy Anh – CMC Cyber Security

As Head of the Anti-Malware Solutions Department and a senior cybersecurity expert with extensive experience in malware research and analysis, Bui Huy Anh plays a key role in researching cyber security threats and in designing and implementing advanced security solutions for enterprises, with the aim of developing CMC’s comprehensive cybersecurity ecosystem, aligned with international standards and capable of responding to sophisticated threats.