Trend Micro duo discover Linux malware targeting Huawei Cloud


A vulnerability in Oracle WebLogic Server, part of Oracle Fusion Middleware, is one of the routes by which Linux malware, observed by Trend Micro researchers attacking Huawei Cloud, a relatively new cloud service provider, gains access to systems.

In a blog post, researchers Alfredo Oliveira and David Fiser said the malware also gained access by abusing weak passwords for SSH, Redis, PostgreSQL, SQL Server, MongoDB and FTP clients.

The payload planted by the malware was a cryptominer. Attackers deleted apps and services in Huawei Cloud, disabling the host babysitting service.

Both researchers said the attackers abused an open source plugin known as cloudResetPwdUpdateAgent, which normally allows users to reset a password for the Elastic Cloud service running on Huawei Cloud.

Oliveira and Fiser said older samples of the same malware were detailed by Chinese company Tencent in 2020, although in that case container environments were targeted.

“Another interesting ability that we have never seen before is that in this campaign, malicious actors searched for specific public keys that would allow them to kill the competition of the infected system and update their own keys,” the two researchers wrote.

“More than any other sample and campaign we’ve seen so far, this campaign performs a complete disinfection of the operating system.

“It looks for both signs of previous infections and security tools that could stop its malicious routines. Not only that, but it also uses simple but effective commands to clean up after performing its infection routine.”
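One defensive check for the key-swap behaviour described above, written as an added example for this article (it is not Trend Micro's tooling or code from the researchers): it diffs an OpenSSH authorized_keys file against a baseline of approved key fingerprints, so a key that appears or disappears stands out. All key blobs below are constructed filler, not real keys.

```python
"""Audit an OpenSSH authorized_keys file against a known-good baseline.
Added example, not Trend Micro's tooling: the campaign above swapped the
operators' public keys for the attackers' own, and a fingerprint diff
against an approved list is one way to notice that change."""
import base64
import hashlib

# Constructed sample data: the blobs are structurally valid placeholders,
# not real keys (PREFIX encodes the ssh-ed25519 type, the body is filler).
PREFIX = "AAAAC3NzaC1lZDI1NTE5AAAAI"
BASELINE_KEYS = (
    f"ssh-ed25519 {PREFIX + 'A' * 43} ops@bastion\n"
    f"ssh-ed25519 {PREFIX + 'B' * 43} admin@laptop\n"
)
LIVE_KEYS = (  # as found on a host after a suspected compromise
    "# cleaned\n"
    f"ssh-ed25519 {PREFIX + 'B' * 43} admin@laptop\n"
    f"ssh-ed25519 {PREFIX + 'C' * 43} miner@unknown\n"
)

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64-encoded key blob."""
    raw = base64.b64decode(blob_b64, validate=True)
    digest = base64.b64encode(hashlib.sha256(raw).digest()).decode()
    return "SHA256:" + digest.rstrip("=")

def parse_authorized_keys(text):
    """Map fingerprint -> comment; options before the key type are skipped."""
    keys = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        idx = next((i for i, f in enumerate(fields)
                    if f.startswith(("ssh-", "ecdsa-", "sk-"))), None)
        if idx is None or idx + 1 >= len(fields):
            continue
        try:
            keys[fingerprint(fields[idx + 1])] = " ".join(fields[idx + 2:])
        except ValueError:
            continue  # malformed blob: sshd would reject it too, so skip
    return keys

def audit(baseline_text, live_text):
    """Return keys present only in the live file and keys missing from it."""
    base = parse_authorized_keys(baseline_text)
    live = parse_authorized_keys(live_text)
    return {"added": {fp: live[fp] for fp in live.keys() - base.keys()},
            "removed": {fp: base[fp] for fp in base.keys() - live.keys()}}
```

Run `audit(BASELINE_KEYS, LIVE_KEYS)` to see the attacker's key reported as added and the removed operator key as missing; in practice the baseline would come from configuration management rather than a string.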

They found that the attackers seemed very familiar with the people who managed the systems they were attacking.

Another interesting feature of the malware was that it installed The Onion Router (Tor) proxy service, which would later be used to anonymize the malicious connections of the malware.

“Misconfigurations of the cloud service can allow cryptocurrency mining and cryptojacking attacks,” Oliveira and Fiser said.

“Most of the attacks we monitored happened because the services running in the cloud had an API or SSH with weak credentials or had very permissive configurations, which attackers can abuse to infiltrate a system without needing to exploit vulnerabilities.

“Configuration errors are a common entry point in such scenarios, and cloud users should give the same thought and attention to configuration errors as to vulnerabilities and malware.”


