Cloud News Now | October 2024
Welcome to the Halloween edition of Cloud News Now! ??
This month, we’re diving into the latest findings from our Aqua Nautilus team that are as chilling as any Halloween tale. From TeamTNT's 'Docker Gatling Gun' campaign to AWS bucket risks and the elusive "perfctl" malware, we’re uncovering the lurking threats that could haunt your cloud environment if left unchecked.
Read on… if you dare… to stay ahead of these spooky developments and keep your cloud safe from cyber 'phantoms' this season!
TeamTNT’s Docker Gatling Gun Campaign
Long time no see, Aqua Nautilus researchers have identified a new campaign in the making by TeamTNT, a notorious hacking group. In this campaign, TeamTNT appears to be returning to its roots while preparing for a large-scale attack on cloud native environments. The group is currently targeting exposed Docker daemons to deploy Sliver malware, a cyber worm, and cryptominers, using compromised servers and Docker Hub as the infrastructure to spread their malware.?
TeamTNT is preparing for another large-scale attack—find out how to protect your cloud native environment by reading this blog from Assaf Morag.
AWS CDK Risk: Exploiting a Missing S3 Bucket Allowed Account Takeover
In June 2024, Nautilus uncovered a security issue related to the AWS Cloud Development Kit (CDK), an open-source project .?This discovery adds to the six other vulnerabilities our researchers discovered within AWS services.??The impact of this issue could, in certain scenarios (outlined in the blog), allow an attacker to gain administrative access to a target AWS account, resulting in a full account takeover.?
This blog post expands on the findings from Aqua Nautilus' previous research, “Bucket Monopoly” , and examines how the techniques from our previous research are applicable to open-source projects.?Explore the latest findings here.
领英推荐
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
In this blog post, Aqua Nautilus researchers aim to shed light on a Linux malware that, over the past 3-4 years, has actively sought more than 20,000 types of misconfigurations in order to target and exploit Linux servers. If you have a Linux server connected to the internet, you could be at risk. In fact, given the scale, we strongly believe the attackers targeted millions worldwide with a potential number of victims of thousands, it appears that with this malware any Linux server could be at risk.
Nautilus discovered numerous incident reports in community forums, all describing indicators of compromise linked to this malware. The community has widely referred to it as the “perfctl malware,” and we have adopted this name.?
This post will explore the malware’s architecture, components, defense evasion tactics, persistence mechanisms, and how we managed to detect it. Perfctl is particularly elusive and persistent, employing several sophisticated techniques. Read the full analysis here.
Looking for the perf(ctl) last minute Halloween costume?
After learning about the stealthy moves of 'perfctl,' why not bring it to life this Halloween? Inspired by the elusive malware haunting Linux servers, our last-minute costume idea captures its stealth tactics, from hiding in plain sight to using rootkits and backdoors. With this look, you’re sure to keep your security team on edge! ??
Thank you for staying informed with Aqua Security. Don’t forget to follow us for more cloud security updates!