Cloud infrastructure is generally immune to IoT related threats however there are some exceptions — one of these is “Muhstik”. The Muhstik botnet has been around for a couple years now and is currently affecting the cloud by way of several web application exploits. The botnet is monetized via XMRig…

There is an abundance of Mirai-based botnets in the wild however “Moobot” ,which targets vulnerable Docker APIs, recently showed up on our radar. This blog describes the Moobot development along with the malware variant details. A full indicator list is also provided in our repository. As early as September 20th…

Redis has been heavily targeted for years and recent activity shows it is more popular than ever with attackers. There are several reasons for this: zero security for the base image, easily discoverable, and easily exploited. This makes Redis the ultimate low-hanging-fruit when targeting cloud infrastructure. …

Cloud infrastructure is premium real estate for cryptojackers and they are constantly looking for new ways to exploit your workloads. Among them is “Doki,” which was recently reported by Intezer and is distinguished by exploitation of the Docker API and for going undetected until only recently. While Doki was just…

Whether you’re an engineer or a system administrator, you’ve probably found bash to be a go-to resource for automating your Linux tasks. Bash is so useful that it has become popular among malware authors as well. …

On April 2nd, Microsoft released their Attack matrix for Kubernetes, a collection of Kubernetes attack patterns modeled after Mitre’s ATT&CK framework. While the matrix was compiled for Azure, many of the patterns are valid for all cloud providers. …

If you’re concerned about the security of your cloud resources then you may have asked yourself: “Who’s attacking my containers?” This blog will attempt to answer that question. As described in the the first phase of any attack is reconnaissance. This entails some form of information gathering about the target…

Containers are gaining popularity as malware deployment mechanisms in the cloud. Beginning on Valentine’s Day, one malicious container started making its rounds and has steadily expanded to over 350 infections. …

MITRE did the community a huge favor with the development of ATT&CK — an open source knowledge base for attack techniques. Threat intelligence can often be a nebulous undertaking but thanks to ATT&CK, the lives of analysts have been made a little bit easier. This blog describes how to quickly…