News
New Linux malware campaign targets Docker, Apache Hadoop, Redis and Confluence – Cado Security
March 2024 by Cado Security
Cado Security has today (Wed 6 March) disclosed an emerging Linux malware campaign, discovered by its Cado Security Labs researchers, which targets misconfigured servers running the web-facing services Apache Hadoop YARN, Docker, Confluence, and Redis.
The campaign utilises unique and unreported payloads, including four Golang binaries, that serve as tools to automate the discovery and infection of hosts running those services. The attackers leverage the tools to issue exploit code, taking advantage of common misconfigurations and exploiting an n-day vulnerability, to conduct Remote Code Execution (RCE) attacks and infect new hosts.
This extensive attack demonstrates the variety in initial access techniques available to cloud and Linux malware developers. Attackers are investing significant time into understanding the types of web-facing services deployed in cloud environments, keeping abreast of reported vulnerabilities and using this knowledge to gain a foothold in target environments.
Cado Security is a new client for Origin Comms. Some background for you:
Cado is the provider of the first cloud forensics and incident response platform. The platform automates forensic-level data capture and processing across cloud (AWS, Azure, GCP), container, and serverless environments. It then presents all of this data in a central console for investigation. Customers trigger Cado within their existing detection/automation platform, which ensures data is captured immediately following incident detection, allowing security teams to quickly investigate and respond. The founders are both former incident responders, with extensive experience on the frontline of responding to highly complex threats. Cado Security has offices in the US and UK.
