Vulnerable Cloud Infrastructure Experiencing Increasing Attacks
Attackers are increasingly targeting vulnerable cloud infrastructure to exploit it for covert cryptojacking or to deliver ransomware, Securonix researchers warn.
Some attacks are fairly trivial, but others are multi-vector/multi-platform threats where multiple functionalities are combined as part of the same malicious threat (e.g., XBash, which combines cryptomining, ransomware and botnet/worm activity).
The attacks are automated and probe the infrastructure and cloud services for vulnerabilities and/or weak or default login credentials.
The attackers achieve the persistence of their malicious implants through cronjob entries on Linux and malicious startup items on Windows systems. They continually change the C&C servers that deliver additional malware, username/password lists, etc.
Read more: Help Net Security