The surge in commercial adoption of cloud technologies has led to a proportional increase in sophisticated and diversified cloud-focused malware campaigns, warns cybersecurity firm Cado Security. Docker, a widely used platform, stands out as the primary target for initial access, accounting for a significant portion of honeypot traffic. Attackers are shifting from the conventional focus on cryptojacking and are now exploiting services like Docker, Redis, Kubernetes, and Jupyter, which requires advanced technical knowledge.
Notably, identified malware campaigns, such as P2Pinfect, exhibit global reach, indicating that Linux and cloud environments everywhere are susceptible to attack. The report also highlights a concerning trend: the emergence of Linux variants of ransomware families like Abyss Locker, which expands the threat landscape.
While cryptojacking remains a substantial concern, Cado Security Labs notes a diversification in the objectives of recent Linux and cloud malware campaigns. These campaigns increasingly target web-facing services in cloud environments, emphasizing the importance of thorough security measures to prevent unauthorized access. Furthermore, the report sheds light on the rising popularity of Rust malware, aligning with the language’s general adoption in software development. Chris Doman, CTO of Cado Security, emphasizes the significance of their half-yearly cloud threat findings report in assisting security professionals in comprehending evolving attack vectors and enhancing internal security programs.