A new comprehensive toolset for harvesting credentials across multiple cloud services providers has been spotted in the wild being distributed on Telegram.

Detailed today by researchers at SentinelLabs, the “AlienFox” toolset is described as a cloud spammer’s “Swiss Army knife” thanks to its ability to attack multiple services in numerous ways. Attackers use AlienFox to harvest application programming interface keys and secrets from services, including Amazon Simple Email Service and Microsoft Office 365.

AlienFox is a modular toolset involving the distribution of source code archives. Though primarily distributed on Telegram, some of the modules are also available on GitHub. Most of the tools offered as part of AlienFox are open source, meaning that they can also be modified to suit the specific needs of attackers.

An attack using AlienFox starts with attackers using the toolset to collect lists of misconfigured hosts from security scanning platforms such as LeakIX and SecurityTrails. Having obtained the information, multiple scripts in the toolset are then used to extract sensitive information, such as API keys and secrets from configuration files exposed on victims’ web servers. Later versions of AlienFox are said to establish Amazon Web Services Inc. account persistence and privilege escalation. The toolkit can also collect send quotas and automate spam campaigns through victim accounts or services.

According to the researchers, the spread of AlienFox represents an unreported trend toward attacking more minimal cloud services, unsuitable for cryptomining, to enable and expand subsequent campaigns.

“The emergence of toolkits like AlienFox underscores the increasing sophistication of attacker networks and their collective ability to cause harm and disruption,” Dan Benjamin, chief executive of data security company Dig Security Solutions Ltd., told SiliconANGLE.
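For defenders, the send-quota collection and AWS persistence described above suggest a simple correlation over CloudTrail records. The sketch below is an added example, not code from SentinelLabs or from the toolset; the mapping of those behaviours to specific CloudTrail event names is an assumption, and the log records and access key IDs are constructed.

```python
import json
from collections import defaultdict

# Assumed mapping of the article's behaviours to CloudTrail event names;
# the article itself does not name any API calls.
QUOTA_EVENTS = {("ses.amazonaws.com", "GetSendQuota")}
PERSISTENCE_EVENTS = {
    ("iam.amazonaws.com", name)
    for name in ("CreateUser", "CreateLoginProfile",
                 "CreateAccessKey", "AttachUserPolicy")
}

# Constructed sample records (one JSON object per line), not real logs.
SAMPLE_LOG = """\
{"eventSource":"ses.amazonaws.com","eventName":"GetSendQuota","userIdentity":{"accessKeyId":"AKIAEXAMPLEKEY000001"}}
{"eventSource":"iam.amazonaws.com","eventName":"CreateUser","userIdentity":{"accessKeyId":"AKIAEXAMPLEKEY000001"}}
{"eventSource":"iam.amazonaws.com","eventName":"AttachUserPolicy","userIdentity":{"accessKeyId":"AKIAEXAMPLEKEY000001"}}
{"eventSource":"ses.amazonaws.com","eventName":"GetSendQuota","userIdentity":{"accessKeyId":"AKIAEXAMPLEKEY000002"}}
{"eventSource":"iam.amazonaws.com","eventName":"CreateUser","userIdentity":{"accessKeyId":"AKIAEXAMPLEKEY000003"}}
"""

def suspicious_keys(log_text):
    """Return {access_key_id: sorted event names} for keys that both query
    the SES send quota and perform IAM persistence/escalation actions.
    Either behaviour alone (a mail app, an administrator) is not flagged."""
    seen = defaultdict(lambda: {"quota": set(), "persist": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        key = event.get("userIdentity", {}).get("accessKeyId")
        if key is None:
            continue  # e.g. service-originated events carry no access key
        pair = (event.get("eventSource"), event.get("eventName"))
        if pair in QUOTA_EVENTS:
            seen[key]["quota"].add(pair[1])
        elif pair in PERSISTENCE_EVENTS:
            seen[key]["persist"].add(pair[1])
    return {key: sorted(hits["quota"] | hits["persist"])
            for key, hits in seen.items()
            if hits["quota"] and hits["persist"]}

if __name__ == "__main__":
    for key, events in suspicious_keys(SAMPLE_LOG).items():
        print(key, events)
```

A flagged key is a lead for review, not proof of compromise; rotating any credential found in a web-exposed configuration file remains the primary fix.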