How mass AWS internet outage gave cybercriminals chance to test future attacks

It has been a little over a month since Amazon Web Services went down, taking half the internet out with it.

The incident, which caused mass disruption all over the world, raised serious questions about the fragility of so much of the internet relying on one platform, but as it turns out, the red flags don't end there.

An alarming report from Fortinet's FortiGuard Labs has revealed that while many of us were struggling to access some of our most used websites, cyber hackers were busy plotting and testing for their next malicious move.

The report found that a Mirai-based botnet called ShadowV2 had emerged during the widespread outage. In layman's terms, that basically means a a form of malware that can infect internet-based devices was targeting devices with weak or default passwords and adding them to a botnet — a large group of hacked machines that a single attacker can control remotely.

Cyber hackers used the AWS outage as a 'test run' for future attacks (Getty Stock Images)

Once the malware has infected vulnerable devices, it can form a zombie army of internet-connected appliances, an attacker can remotely control the network and perform large scale attacks, like distributed-denial-of-service (DDoS) traffic-flooding events. This is where a cyber attacker overwhelms a website or network with a flood of traffic, exhausting the target's bandwidth and resources, making it slow or completely unavailable to its genuine users.

It has been said the hackers were likely using the opportunity of the AWS outage to perform a 'test run' for future, potentially devastating, attacks. During the outage, ShawdowV2 infected internet-connected devices across many different industries across 28 different countries, including the UK.

"So far, the malware appears to have only been active during the time of the large-scale AWS outage," the FortiGuard Labs report explains. "We believe this activity was likely a test run conducted in preparation for future attacks."

They can create a zombie army of compromised devices (Getty Stock Images)

Meanwhile, one expert has warned that incidents like the AWS outage are likely to happen more often, which could pave the way for more cyber criminal activity.

"Modern infrastructure is built on deeply interconnected systems; the more we optimise for scale, the more challenging it becomes to pinpoint how one failure cascades into another. Will this happen more frequently? The short answer is yes. Expect things to fail," explained Lee Skillen, CTO of software artefact management platform Cloudsmith.

He said these failures can range from 'mild and short lived' to 'rare and catastrophic', but noted the one thing they all share in common, 'inevitability'.

"Every service with real users will eventually get hit by something; sometimes directly, sometimes indirectly," he added. "The greater the magnitude, the greater the possibility."