Top Linux Cloud Threats of 2020

We tagged 2019 as The Year of the Linux Threat. That trend continued in 2020 with high-profile APTs launching ELF malware, and Linux versions of Windows threats emerging for the first time. By some estimates, 2020 saw several years' worth of digital transformation in just a few months. Prior to the pandemic, cloud computing was already […]
Migrating to the Cloud: Compliance Issues When Transitioning from a Traditional Data Center

For traditional data center operations, security and compliance requirements have always been operational overhead. Traditional data centers are under unique stresses in today’s world. There are pressures to make data centers more flexible and adaptable to business needs—such as rapid deployments of new technology or solutions—or to meet changes in regulation or compliance with security […]
Watch Your Containers: Doki Infecting Docker Servers in the Cloud

Key Findings: Ngrok Mining Botnet is an active campaign targeting exposed Docker servers in AWS, Azure, and other cloud platforms. It has been active for at least two years. We have detected a recent attack which includes a completely undetected Linux malware and a previously undocumented technique, using a blockchain wallet for generating C&C domain […]
Linux Rekoobe Operating with New, Undetected Malware Samples

Introduction: Our research team has identified new versions of an old Linux malware known as Rekoobe, a minimalistic trojan with a complex CNC authentication protocol originally targeting SPARC and Intel x86 and x86-64 systems back in 2015. The new malware samples have lower detection rates than their predecessors. We believe this malware ceased its operation in 2016 […]
Why We Should Be Paying More Attention to Linux Threats

In a previous post we wrote for the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC), we discussed the emergence of Linux-based threats. This threat ecosystem is heavily concentrated with financially driven crypto-miners and DDoS botnet tools which primarily target vulnerable Linux servers. In addition, more sophisticated threats utilizing rare evasion techniques exist within […]