lahaama.blogg.se

A360drive





The service is comparable to Google Drive or other online file-sharing hosting services. Anyone can create an account for free and is given 5GB of space. A360 Drive provides online storage for collaboration. It’s not a novel technique, but our correlation of the indicators of compromise (IoCs) suggests that a potentially sustained cybercriminal operation took advantage of this platform.

Autodesk® A360 (A360) is a “cloud-based workspace that centralizes, connects and organizes your team and project information across your desktop, the web, and mobile devices.” The suite includes Autodesk® A360 Drive and Autodesk® A360 Team services. We found that after they were downloaded and executed, the RATs/backdoors would phone back to their respective command-and-control servers, which are resolvable via free DNS services.


The payloads we saw during our research, remote access tools (RATs), are also notable. It resembled the way Google Drive was misused as a repository of stolen data, for instance. Abusing A360 as a malware delivery platform can enable attacks that are less likely to raise red flags. We saw a similar, albeit a lot simpler and less creative, attack on Autodesk® A360, comparable to the way file-sharing sites are being used to host malware. GitHub was misused this way when the Winnti group used it as a conduit for its C&C communications.


Updated as of September 6, 2017, 2:39 AM PDT, to include U.K. as one of the top countries most affected by A360 Drive-hosted malware.

Cloud-based storage platforms have a history of cybercriminal abuse, from hosting malicious files and directly delivering malware to even making them part of a command-and-control (C&C) infrastructure.






