Linux systems are bombarded with ransomware and cryptojacking attacks


The growing success of Linux services in the digital infrastructure and cloud industries in recent times has put a target on its back, warns a new report from VMware.

In addition, as the majority of anti-malware and cybersecurity solutions are concentrated on the protection of Windows and Linux devices, it is on thin ice, while threat actors are becoming aware of this security gap and targeting the software more than ever.

Based on real-time big data, stream-of-event processing, static, active, and behavioral analytics, and machine learning data, the VMware report asserts that ransomware has evolved to target host images used to run workloads in virtualized environments.

Ransomware, crypto mining, Cobalt Strike

Attackers are now targeting the most valuable assets in the cloud, VMware says, citing Defray777 as the ransomware family that encrypts host images on ESXi servers, like the DarkSide ransomware family that was behind the Colonial Pipeline attack.

Additionally, multi-cloud infrastructure is frequently misused to mine cryptocurrency for attackers. Since cryptojacking, as the procedure is called, does not completely disrupt the operations of cloud environments like ransomware does, it is considerably more difficult to detect.

However, virtually all cryptojacking attacks (XNUMX%) use XMRig-related libraries. Therefore, when particular XMRig libraries and modules are identified in Linux binaries, it is most likely malicious cryptomining.
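The check described above, sketched as an added example that is not code from the VMware report: it walks a directory, looks for XMRig-related strings inside ELF files, and grades each file by how many distinct markers it contains. The marker list, the two-marker threshold, and the sample file names are assumptions chosen for illustration.

```python
import re, tempfile
from pathlib import Path

ELF_MAGIC = b"\x7fELF"
# Assumed marker set (not from the report): strings typically embedded in XMRig builds.
MARKERS = {name: re.compile(pat, re.I) for name, pat in {
    "xmrig": rb"xmrig", "randomx": rb"randomx", "cryptonight": rb"cryptonight",
    "stratum-url": rb"stratum\+(?:tcp|ssl)://", "donate-level": rb"donate-level"}.items()}

def scan_file(path, chunk=1 << 20, overlap=32):
    """Return sorted marker names found in an ELF file, or None if it is not ELF."""
    found = set()
    with open(path, "rb") as fh:
        tail = fh.read(4)
        if tail != ELF_MAGIC:
            return None
        while block := fh.read(chunk):
            window = tail + block  # carry an overlap so markers split across chunks match
            found.update(n for n, rx in MARKERS.items() if rx.search(window))
            tail = window[-overlap:]
    return sorted(found)

def classify(markers, threshold=2):
    """One marker alone is weak evidence; several together suggest an embedded miner."""
    if not markers:
        return "not-elf" if markers is None else "clean"
    return "likely-miner" if len(markers) >= threshold else "review"

def scan_tree(root):
    """Map every regular file under root to a verdict, skipping symlinks."""
    verdicts = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and not path.is_symlink():
            try:
                verdicts[str(path)] = classify(scan_file(path))
            except OSError:
                verdicts[str(path)] = "unreadable"
    return verdicts

def build_samples(root):
    """Constructed sample files (ELF magic plus padding and strings), not real binaries."""
    head = ELF_MAGIC + b"\0" * 60
    Path(root, "kworkerd").write_bytes(head + b"XMRig/6.x randomx stratum+tcp://pool.example:3333")
    Path(root, "ls").write_bytes(head + b"usage: ls [OPTION]...")
    Path(root, "notes.txt").write_bytes(b"xmrig randomx")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_samples(tmp)
        print(scan_tree(tmp))
```

String matches are a triage signal only: a packed or obfuscated miner will not expose these markers, and a miner installed on purpose will, so a hit should be confirmed against process, CPU and network telemetry.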

There is also the growing problem of Cobalt Strike and Vermilion Strike, the commercial penetration testing and red team tools for Windows and Linux.

Although they are not designed to be malicious, they can be used as an implant in a compromised system that gives malicious actors partial control of the machine. VMware discovered over fourteen zero active Cobalt Strike Team servers on the Internet between February XNUMX and November XNUMX.

The fact that the total percentage of leaked Cobalt Strike service customer credentials is 56% leads VMware to conclude that more than half of Cobalt Strike users may be cybercriminals.

To deal with this growing threat, the report further asserts that organizations must "prioritize" threat detection.