Tech 18 January 2019

Paul How

New mining malware bypasses cloud security

Cybersecurity research team Palo Alto Networks Unit 42 has warned of new malware that can target and disable cloud security products in order to mine the Monero cryptocurrency on affected computers.

Samples of the malware were collected last October, and are believed to have been developed by the notorious Rocke group. The Cisco Talos Intelligence Group first reported last July that Rocke was trying to access cloud storage services.

Unit 42 discovered that five different cloud security products, developed by China-based Tencent Cloud and Alibaba Cloud (Aliyun), could be uninstalled from compromised servers running Linux. “In our analysis, these attacks did not compromise these security products: rather, the attacks first gained full administrative control over the hosts and then abused that full administrative control to uninstall these products in the same way a legitimate administrator would,” the researchers Xingyu Jin and Claud Xiao explained.

“To the best of our knowledge, this is the first malware family that developed the unique capability to target and remove cloud security products,” they added.

According to Unit 42, Rocke gains its initial access by exploiting vulnerabilities in Apache Struts 2, Oracle WebLogic, and Adobe ColdFusion. To evade detection by the Cloud Workload Protection Platforms that each cloud service provider develops for its own platform, it isn’t enough for the malware to kill the monitoring service process; it has to uninstall the products altogether, which is what Rocke has managed to do.

“We believe this unique evasion behavior will be the new trend for malware which targets public cloud infrastructure,” the researchers warned.

Already, Unit 42 is coordinating with Tencent Cloud and Alibaba Cloud to solve the issue.
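The distinction the researchers draw, a killed monitoring process versus an agent removed outright, is one a defender can check from outside the agent itself. The following Python is an added example, not code from Unit 42 or from either cloud vendor; the agent package names and the audit log lines are constructed placeholders, since the page does not give the real package or service names.

```python
"""Classify the state of a cloud workload-protection agent and flag
admin-style stop/uninstall commands against it in audit-style log lines."""
import re
from typing import Iterable, List, Tuple

# Placeholder package names; real Tencent/Alibaba agent names are not on the page.
AGENT_PACKAGES = ("example-cwpp-agent", "example-cloud-monitor")

# Package-manager removal commands a legitimate admin would also use.
UNINSTALL_RE = re.compile(
    r"\b(?:apt(?:-get)?\s+(?:remove|purge)|yum\s+(?:remove|erase)"
    r"|rpm\s+-e|dpkg\s+(?:-r|--remove|-P|--purge))\b"
)
# Commands that only stop the monitoring process (recoverable by restart).
STOP_RE = re.compile(r"\b(?:systemctl\s+(?:stop|disable)|service\s+\S+\s+stop|kill(?:all)?)\b")


def classify_agent(installed: bool, running: bool) -> str:
    """'stopped' means the package is still present and can be restarted;
    'uninstalled' means the agent itself is gone, so a restart alone will not recover it."""
    if installed and running:
        return "ok"
    if installed:
        return "stopped"
    return "uninstalled"


def scan_audit_lines(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (action, package, line) for every line that stops or removes a known agent."""
    findings = []
    for line in lines:
        for pkg in AGENT_PACKAGES:
            if pkg not in line:
                continue
            if UNINSTALL_RE.search(line):
                findings.append(("uninstall", pkg, line))
            elif STOP_RE.search(line):
                findings.append(("stop", pkg, line))
    return findings


# Constructed sample lines in a sudo-log style; not real data.
SAMPLE_LINES = [
    "Jan 18 03:12:44 host sudo: root : COMMAND=/usr/bin/systemctl stop example-cwpp-agent",
    "Jan 18 03:12:45 host sudo: root : COMMAND=/usr/bin/yum remove -y example-cwpp-agent",
    "Jan 18 03:13:01 host sudo: root : COMMAND=/usr/bin/yum update -y curl",
]

if __name__ == "__main__":
    for action, pkg, line in scan_audit_lines(SAMPLE_LINES):
        print(f"{action.upper():9} {pkg}: {line}")
```

An "uninstall" finding warrants a different response than a "stop" finding: the host's own agent can no longer report on itself, so the check has to come from the provider's control plane or a separate log pipeline.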

Cybersecurity solutions provider Check Point Software Technologies Ltd. recently released its report on the top malware threats globally, in which the top three were all for the mining of cryptocurrencies. Coinhive has been the malware with the largest global reach for 13 months straight.

McAfee Labs has reported that the mining malware has increased by over 4,000% in just a year’s time, as of end-September 2018.
