Threat actors increasingly leverage legitimate third-party Platform-as-a-Service (PaaS) providers for phishing and malware deployment. PaaS providers such as cloud instances, marketing platforms, content delivery networks (CDNs), and dynamic DNS servers have been weaponised for a range of malicious activities. One of the key benefits to the threat actor is that these services can be used to evade detection systems: because of their established levels of trust and legitimate usage, they are less likely to be pre-emptively blocked.
A detailed analysis is available in the blog here: https://blog.bushidotoken.net/2021/11/leveraging-legitimate-services-for.html
Abused Legitimate Services by Malware campaigns
Abused Legitimate Services by Phishing campaigns
- https://www.anomali.com/files/anomali-labs-reports/legit-services.pdf
- https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf
- https://community.netwitness.com/t5/netwitness-community-blog/wolves-among-us-abusing-trusted-providers-for-malware-operations/ba-p/519970