Malware C&C servers have been exposed to security vendors for some time now. Hackers have difficulty implanting malware on workstations once a malware detector is installed at the (layer 3) network backbone routing area. But hackers will not announce defeat and simply disappear forever.
A smart way to utilize cloud resources
We understand that cloud computing uses HTTPS by default, so data is transmitted over SSL. What if hackers re-engineer their malware structure to utilize the cloud farm belonging to the victim, storing the command-and-control (C&C) function and the malicious code inside the cloud? As we know, traditional defense mechanisms lack visibility into SSL-encrypted traffic, and that becomes a huge benefit to the hacker. Imagine the worst situation in this scenario.
How Google Docs in Google Drive can be re-engineered as the bad guy's gatekeeper.
Maybe you will say it is outdated news; a similar cyber attack happened in 2012. But hackers never give up! They improve this technique in silence. The hacker uses Google Drive as a relay. The concept is to utilize Drive Proxy. Drive Proxy is a Windows Service that streamlines communication with Google Drive. It uses a simple protocol to communicate with client applications over a pipe. A similar hack concept was announced by Black Hills Information Security in Aug this year; they provided a proof of concept showing that this method is feasible.
The infographic below illustrates the idea.
For more detail on Google Drive Proxy: you need to set up a Google API project in the Google Developers Console. The steps are as follows:
- Go to: https://console.developers.google.com/project
- Click on “Create Project”
- Name your project and click on “Create”
- Wait for the project to be created.
- From the left hand side menu, click on “APIs & auth”.
- From the left hand side menu, click on “APIs”.
- You will need to enable the “Drive API” by toggling the switch to “on”
- From the left hand side menu, Click on “Credentials”
- Click on “Create new Client ID”
- Select “Installed application” and click on “Configure consent screen”
- Fill in the details for your consent screen and click on “Save”.
- A new form will be presented. Select “Installed application” and “Other” then click on “Create Client ID”
- You will be presented with a Client ID and Client Secret.
- Switch to the root of the git repository and, using a text editor, open ProjectConfig.txt.
- You will see a line “ClientID <Your application google id here>”. Replace “<Your application google id here>” with the Client ID from the developer console.
- Example: “944352700820-eh520uo159llp750lf9jmn6srcm35r3j.apps.googleusercontent.com”.
- You will see a line “ClientSecret <Your application google secret here>”. Replace “<Your application google secret here>” by the Client Secret in the developer console.
- Example: “BfI0jTaVzBAuRo9odDmheM2Z”
- You will see a line “UpgradeCode <A GUID to identify your project here>”. Generate a GUID and replace “<A GUID to identify your project here>” with the generated GUID.
- Example: cb1ed02a-7233-4a67-a9f7-ad10a42a2082
- You will see a line “Company <Your Company name here>”. Replace “<Your Company name here>” with the company name you wish to appear in the “Add/Remove programs” window’s company column for Drive Proxy’s entry.
- Example: “Initech, Inc.”
- You will see a line “CompanyPath <Your Company here, must be a valid Windows folder name>”. The installer will install to “%programfiles%\CompanyPath\Drive Proxy Service”. Replace “<Your Company here, must be a valid Windows folder name>” with the folder name under which you wish to group your programs.
- Example: “Initech”
- You can then open DriveProxy.sln and compile the Installer project.
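The Drive relay described above hides its C&C traffic inside ordinary HTTPS calls to the Drive API, so content inspection is not available to the defender. What remains visible is timing: a relay component polls Drive on a fixed schedule, whereas a person using Drive does not. The script below is an added defensive example, not code from the original post or from the Drive Proxy project; it reads constructed proxy log lines (timestamp, client, host, path) and flags clients whose Drive API requests arrive at near-constant intervals.

```python
import re
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log lines (not real traffic): ts client host path.
# 10.0.0.5 polls the Drive API every ~60 s, the signature of an automated
# relay; 10.0.0.7 touches Drive the way an interactive user does.
SAMPLE_LOG = """\
2015-11-26T09:00:00 10.0.0.5 www.googleapis.com /drive/v2/files
2015-11-26T09:01:00 10.0.0.5 www.googleapis.com /drive/v2/files
2015-11-26T09:02:00 10.0.0.5 www.googleapis.com /drive/v2/files
2015-11-26T09:03:01 10.0.0.5 www.googleapis.com /drive/v2/files
2015-11-26T09:04:00 10.0.0.5 www.googleapis.com /drive/v2/files
2015-11-26T09:00:12 10.0.0.7 www.googleapis.com /drive/v2/files
2015-11-26T09:00:40 10.0.0.7 www.googleapis.com /drive/v2/files/abc
2015-11-26T09:17:05 10.0.0.7 www.googleapis.com /drive/v2/files
2015-11-26T09:00:30 10.0.0.9 example.com /index.html
"""

DRIVE_HOST = re.compile(r"(^|\.)googleapis\.com$")  # Drive API endpoint host
LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")

def parse(log):
    """Yield (timestamp, client, host, path) for each well-formed line."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts, client, host, path = m.groups()
            yield datetime.fromisoformat(ts), client, host, path

def find_beacons(log, min_hits=4, max_cv=0.1):
    """Return {client: mean_gap_seconds} for clients whose Drive API requests
    are periodic: coefficient of variation (stdev/mean) of gaps <= max_cv."""
    by_client = {}
    for ts, client, host, _ in parse(log):
        if DRIVE_HOST.search(host):
            by_client.setdefault(client, []).append(ts)
    flagged = {}
    for client, times in by_client.items():
        if len(times) < min_hits:          # too few requests to judge rhythm
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else 0.0
        if cv <= max_cv:
            flagged[client] = round(avg, 1)
    return flagged

print(find_beacons(SAMPLE_LOG))  # {'10.0.0.5': 60.0}
```

The thresholds (four requests, 10% jitter) are assumptions for the sample; tune them against your own proxy data, and pair the check with an allow-list of hosts that legitimately run Drive sync clients.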
Happy Thanksgiving Day