Unmanaged Identities Fuel Cloud Breaches; DDoS Services Dismantled

Cyber Updates - Asher Tamam reports a significant international operation, "PowerOFF," has dismantled DDoS-for-hire infrastructures across more than 20 countries. This operation seized dozens of domains, identified over 75,000 users, made arrests, and confiscated databases containing millions of records. This is a critical blow to the commoditization of DDoS attacks, making it harder for opportunistic threat actors to launch large-scale disruptions.

Meanwhile, cloud security remains a major weak point. Cyber Updates - Asher Tamam highlights that 68% of cloud breaches in 2024 stemmed from unmanaged service accounts and API keys. Non-human identities are consistently proving to be a primary failure point, offering attackers an often-overlooked vector into critical infrastructure. This trend underscores a fundamental flaw in how many organizations manage their cloud access.

Further, a new Mirai variant, Nexcorium, is actively exploiting vulnerabilities in DVR cameras and TP-Link routers to build DDoS botnets via Telnet and brute-force attacks. This illustrates the persistent threat posed by IoT devices, which remain a fertile ground for botnet recruitment due to widespread insecure configurations and unpatched vulnerabilities. Defenders need to aggressively inventory and secure these edge devices.

What This Means For You

  • If your organization relies heavily on cloud services, you need to audit all service accounts and API keys immediately. Assume unmanaged non-human identities are already compromised. Review CloudTrail logs for unusual anonymous S3 access, even for environments previously thought secure. For operational technology (OT) and IoT, check DVRs and TP-Link routers for Mirai (Nexcorium) compromise indicators and ensure Telnet is disabled. Proactive system segmentation and robust identity and access management (IAM) for non-human identities are no longer optional.
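The CloudTrail review from the bullet above, as an added example that is not part of the original post: it scans a CloudTrail log file for anonymous S3 data events and tallies them per bucket. It assumes the standard CloudTrail JSON layout (a top-level `Records` array) and that unauthenticated requests to public buckets are recorded with `userIdentity.accountId` equal to `"anonymous"`; the sample records, bucket names and IPs are constructed.

```python
import json

# Constructed CloudTrail-style records for demonstration; not real logs.
# Assumption: anonymous requests carry userIdentity.accountId == "anonymous".
SAMPLE_RECORDS = json.dumps({"Records": [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "AWSAccount", "principalId": "", "accountId": "anonymous"},
     "sourceIPAddress": "203.0.113.10",
     "requestParameters": {"bucketName": "example-backups", "key": "db.sql.gz"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "ListObjects",
     "userIdentity": {"type": "IAMUser", "accountId": "123456789012",
                      "userName": "deploy-bot", "accessKeyId": "AKIAEXAMPLE"},
     "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"bucketName": "example-backups"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "AWSAccount", "principalId": "", "accountId": "anonymous"},
     "sourceIPAddress": "203.0.113.10",
     "requestParameters": {"bucketName": "example-backups", "key": "config.json"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"type": "AssumedRole", "accountId": "123456789012"},
     "sourceIPAddress": "198.51.100.7"},
]})


def is_anonymous_s3(record):
    """True when an S3 API call was made without any AWS credentials."""
    ident = record.get("userIdentity") or {}
    return (record.get("eventSource") == "s3.amazonaws.com"
            and ident.get("accountId") == "anonymous")


def find_anonymous_s3_access(cloudtrail_json):
    """Return (bucket, key, eventName, sourceIP) for every anonymous S3 event."""
    hits = []
    for rec in json.loads(cloudtrail_json).get("Records", []):
        if is_anonymous_s3(rec):
            params = rec.get("requestParameters") or {}
            hits.append((params.get("bucketName"), params.get("key"),
                         rec.get("eventName"), rec.get("sourceIPAddress")))
    return hits


def summarize_by_bucket(hits):
    """Count anonymous events per bucket so the noisiest buckets surface first."""
    counts = {}
    for bucket, *_ in hits:
        counts[bucket] = counts.get(bucket, 0) + 1
    return counts


if __name__ == "__main__":
    found = find_anonymous_s3_access(SAMPLE_RECORDS)
    for hit in found:
        print("ANONYMOUS S3 ACCESS:", hit)
    print("per-bucket counts:", summarize_by_bucket(found))
```

Point the loader at the gzipped CloudTrail files from your S3 trail bucket (after decompressing) or at an Athena export to run it over real data; any bucket that shows up here with sensitive keys warrants an immediate bucket-policy and Block Public Access review.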

πŸ›‘οΈ Detection Rules

Mirai Nexcorium Botnet Activity via Telnet Brute Force

Severity: critical | MITRE ATT&CK: T1110 (Credential Access)

