15 comments

[ 3.5 ms ] story [ 54.6 ms ] thread
The article does not name any of the cloud services used for command and control though it does list some IPs for a small cloud provider from Germany called Pfcloud UG. I doubt they're really a problem.

The greatest threat to the internet currently is not the malware concealed behind cloud services but cloud services themselves breaking the distributed nature of the internet. Some of the clouds, particularly those that flare, just have too much influence and control of internet networking and should be split up. I can't even access congress.gov because it's behind cloudflare. They are running a very effective and very long lasting DoS against millions of americans preventing them from accessing government services and information.

Not trying to be 'that guy' but the first line calls out AWS and DriveHQ:

Cybersecurity threats are increasingly leveraging cloud services to store, distribute, and establish command and control (C2) servers, such as VCRUMS stored on AWS or SYK Crypter distributed via DriveHQ.

Ah, woops, good catch. But none of those services are used in the 2 sets of malware described. It's kind of just a throwaway line with no relation to the article.
(comment deleted)
AWS and DriveHQ are literally mentioned in the first paragraph.
Care to explain? Why is cloudflare inaccessible to you?
Why should it be up to him to explain?
Who else is mfro supposed to ask if not the guy who said they had an issue with it?
Probably blocking their tracking cookies, without which they’ll deny you access to a lot of sites. I finally gave up on blocking those just this week because I couldn’t get to sites I neeeded.
If we're naming and shaming cloud providers who enable bad actors, may as well also remind everyone that nearly every* DDoS-as-a-Service provider uses Cloudflare to keep their sites online and origins hidden. It's been the case for years and they do nothing about it unless compelled by law enforcement, which is convenient for a company whose bread and butter is DDoS mitigation.

* the few exceptions use the Russia-based DDoS-Guard, not any of Cloudflares mainstream competitors, who all seem to be willing and able to turn DDoSers away.

https://en.wikipedia.org/wiki/DDoS-Guard

The one thing that interests me about the large CDN providers is active protection against DDoS attacks. As a small business that depends on its website being available to stay in business, how does it protect itself from DDoS attacks without using these large services? It would be too easy to take down an independent site by any malicious actor.

Other than that, yeah, I'm not a fan of the vast majority of all traffic coming from these 3 or 4 services.

(comment deleted)