Cloud Hosting

Tenable's Cloud Security Research team has unearthed a series of attacks by the Kinsing malware family, particularly targeting Linux-based cloud infrastructures. In a new development, these malicious programmes are now exploiting Apache Tomcat servers, adopting new advanced stealth techniques for file system penetration and persistence.

Kinsing, a malware family operational for numerous years, primarily attacks Linux-based cloud infrastructure. Known for exploiting a range of vulnerabilities to gain unauthorised access, the hostile actors behind the Kinsing malware frequently install backdoors and illicitly deploy cryptocurrency miners on compromised systems. Once the infection has taken hold, Kinsing co-opts system resources, employing these for cryptomining. This redirection of system resources inhibits server performance and increases operational costs.

The new information disclosed by Tenable today adds another level of complexity to these malicious endeavours exploiting Apache Tomcat servers while adopting fresh tactics for evasion on the file system. A noteworthy aspect of these new methods is Kinsing's use of seemingly innocent and non-suspicious file locations to maintain its presence on the system.

Speaking on this security concern, Ari Eitan, Manager - Research at Tenable, highlighted the growing trend of cloud cryptomining in recent times. This has been largely facilitated by the scalability and flexibility of cloud platforms. Eitan posits that, "Unlike traditional on-premises infrastructure, cloud infrastructure allows attackers to quickly deploy resources for cryptomining, making it easier to exploit." The research team previously discovered multiple servers infected with Kinsing in a single environment, including an Apache Tomcat server with critical vulnerabilities.

Thus, the emergence of the Kinsing malware and its evolution to exploit Apache Tomcat servers with new advanced stealth techniques adds an insidious threat to Linux-based cloud infrastructures. These developments signify how malicious actors are continually devising new strategies to exploit system vulnerabilities for their gain. As Ari Eitan underscores, the extensive capability of cloud infrastructure that allows swift deployment of resources for cryptomining can now equally be exploited by threat actors with relative ease.

This disclosure underscores the exponentially growing cybersecurity threat landscape. As malicious actors become more innovative in their tactics, robust and up-to-date security measures are of the utmost importance. Therefore, the essential role of cyber defense teams such as Tenable's Cloud Security Research team becomes increasingly vital as they enhance their efforts to identify, expose and mitigate such threats.

Read more:
Kinsing malware exploits Apache Tomcat on Linux clouds - SecurityBrief Australia