Kinsing has been operational for years, known for exploiting various vulnerabilities to gain unauthorized access to Linux-based cloud environments. The malware typically installs backdoors and illicitly deploys cryptocurrency miners on compromised systems. Once Kinsing infects a system, it redirects resources for cryptomining, which degrades server performance and escalates operational costs.
The recent findings by Tenable reveal that Kinsing is now leveraging Apache Tomcat servers, utilizing non-suspicious file locations to maintain its presence and evade detection. Ari Eitan, Manager of Research at Tenable, noted the increasing trend of cloud cryptomining facilitated by the scalability and flexibility of cloud platforms. Eitan emphasized that unlike traditional on-premises infrastructure, cloud environments enable attackers to swiftly deploy resources for cryptomining, making exploitation easier.
The research team found multiple servers infected with Kinsing, including an Apache Tomcat server with critical vulnerabilities. This evolution in Kinsing’s tactics signifies a growing threat to Linux-based cloud infrastructures, as attackers continue to develop new strategies to exploit system vulnerabilities.
These developments highlight the expanding cybersecurity threat landscape and underscore the need for robust and up-to-date security measures. The efforts of cyber defense teams, such as Tenable’s Cloud Security Research team, are crucial in identifying, exposing, and mitigating these threats.
Source: TechDay
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try it yourself using check.website.