Top 10 Cloud Malware Threats

They all target Linux systems. For a long time, Linux has not been seen as a serious target of threat actors. This operating system makes up such a small percentage of the desktop market share compared to Windows that it’s no surprise threat actors would focus most of their attention on attacking Windows endpoints. Times […]
New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor

We discovered a new sophisticated backdoor targeting Linux endpoints and servers. Based on its Tactics, Techniques, and Procedures (TTPs), the backdoor is believed to be developed by Chinese nation-state actors. The backdoor masquerades as a polkit daemon. We named it RedXOR for its network data encoding scheme based on XOR. The malware was compiled on Red Hat Enterprise […]
Kaiji Goes Through Update but Code Reuse Detects It

Kaiji is Linux malware that targets cloud servers. Last week we detected a new Kaiji variant. It was undetected by all 63 engines in VirusTotal at the time. So how did we detect it? Genetic analysis of the new Kaiji variant: First, some background on Kaiji. Kaiji is Linux malware discovered last year. It targets […]
Year of the Gopher: 2020 Go Malware Round-Up

Developers are not the only ones that have adopted Go. Malware written in Go has been steadily increasing. In the last few years, the amount of new malware written in Go found in the wild has increased by almost 2000%. We have seen both nation-state-backed and non-nation-state threat actors adopt Go into their toolset. Our new […]
2020 Set a Record for New Linux Malware Families

Intezer’s 2021 X-Force Threat Intel Index highlights: It was a lot of fun collaborating with IBM on their 2021 X-Force Threat Intelligence Index, highlighting how cyberattacks evolved in 2020 as threat actors sought to profit from the COVID-19 pandemic. In 2019, banking trojans and ransomware were the top innovators in malware code evolution. This year our […]
Do You Really Need Kubernetes?

Kubernetes is one of the top open-source container orchestration projects, as it dramatically simplifies the creation and management of applications by providing built-in solutions to common problems. Although Kubernetes can be a solution for companies working with a large number of containers, others might be better off using an alternative solution. Advantages of Using Kubernetes […]
Fix your Misconfigured Docker API Ports

It can be the difference between maintaining a safe environment for your applications or a compromised machine running malicious code. Misconfiguration of Docker API ports is one of the most common yet potentially deadly mistakes companies are making. An open API port can lead to an immediate compromise exposing your cloud environment to different types of attacks. […]
How We Escaped Docker in Azure Functions

Contents: Summary of Findings; What is Azure Functions?; Technical Analysis; Proof of Concept; Why Does this Matter? Summary of Findings: In previous months we identified vulnerabilities in Microsoft Azure Network Watcher and Azure App Services, leading us to investigate other types of Azure compute infrastructure. We found a new vulnerability in Azure Functions, which would allow an attacker […]
Transitioning Traditional Apps into the Cloud

For organizations, cloud adoption is the primary driver of digital transformation, and modernizing traditional applications to cloud constructs is a major milestone. Cloud opens up a world of opportunities, with a choice of IaaS, PaaS, and SaaS as deployment models. Organizations must decide what kind of transformation is preferred or achievable. It’s easiest to lift […]
A Rare Look Inside a Cryptojacking Campaign and its Profit

Linux threats are becoming more frequent, and one of the more common types of Linux threat is cryptojacking: the unauthorized use of an IT system for the purpose of mining cryptocurrency. While cryptominers are well documented, it’s not often that you get an inside look. It’s rare to see the dashboard of the wallets being used […]