Attackers are increasingly targeting vulnerable cloud infrastructure to exploit it for covert cryptojacking or to deliver ransomware, Securonix researchers warn.
Some attacks are fairly trivial, but others are multi-vector/multi-platform threats where multiple functionalities are combined as part of the same malicious threat (e.g., XBash, which combines cryptomining, ransomware and botnet/worm activity).
The attacks are automated and probe the infrastructure and cloud services for vulnerabilities and/or weak or default login credentials.
The attackers achieve the persistence of their malicious implants through cronjob entries on Linux and malicious startup items on Windows systems. They continually change the C&C servers that deliver additional malware, username/password lists, etc.
Read more: Help Net Security