Cryptojacking is no longer the sole focus of cloud attackers

2024-02-29 04:30

As commercial adoption of cloud technologies continues, cloud-focused malware campaigns have increased in sophistication and number - a collective effort to safeguard both large and small enterprises is critical, according to Cado Security.

Although cloud-focused attackers aim to exploit various services typically deployed in cloud environments, Docker remains the most frequently targeted for initial access, with 90.65% of honeypot traffic when discounting SSH. Identified malware campaigns, such as P2Pinfect, had a wide geographical distribution with nodes belonging to providers in China, the US, and Germany, which shows that regardless of where your infrastructure is located, it is still susceptible to Linux and cloud-focused attacks.

Attackers continue to exploit web-facing services in cloud environments.

While cryptojacking is a legitimate and significant threat, Cado Security Labs has started to see a diversification in objectives displayed by recent Linux and cloud malware campaigns.

Attackers continue to exploit web-facing services in cloud environments to help them gain access to cloud environments and invest significant time into hunting for misconfigured deployments of these services.

"We are very excited to deliver our half-yearly cloud threat findings report, which provides a detailed overview of significant discoveries made by the Cado Security Labs team over the last six months," said Chris Doman, CTO of Cado Security.

News URL

https://www.helpnetsecurity.com/2024/02/29/cloud-focused-malware-campaigns/

#cloud #cryptojacking