
Rewterz Threat Update – Increased Malware Attacks in Linux-based Multi-Cloud Environments

February 10, 2022

Severity

High

Analysis Summary

Linux environments are considered safer and more secure than Windows environments. For accessibility and security reasons, cloud services, container-based infrastructure, and Virtual Machines (VMs) are developed in Linux environments. Considering this, threat actors have started targeting Linux vulnerabilities with sophisticated malware. As predicted by the Rewterz Threat Intel Report, ransomware has increased exponentially this year (although it is only Q1 of 2022). Ransomware groups are targeting Linux hosts to infect virtual-machine containers or images. Cobalt Strike is a legitimate penetration testing toolkit that deploys “beacons” on infected devices to perform malicious behaviors. It is commonly used in ransomware attacks, and the tool has become a way to manage compromised machines. So much so that Linux-based, protocol-compatible versions of the tool have been developed and deployed.

“Most research has been focused on the Windows side, but we are now seeing an increase in attacks on the Linux side and especially against multicloud infrastructure,” a threat analyst from VMware says. “Most of the cases we see involve misconfiguration at the hypervisor level or, at the server level, shared accounts, shared passwords, and poorly configured role-based access controls.”

“The main attack surface area is still stolen credentials, which has the advantage that it takes a longer time to understand that a compromise has happened,” he says. “The login could seem absolutely normal and an attacker gets access to resources, but it’s not until things start going in the wrong direction that the breach is actually identified.”

Impact

  • Exposure of Sensitive Data
  • Remote Code Execution
  • Gain Access
  • Cyber Espionage
  • Data Theft

Indicators of Compromise

URL

  • http[:]//foxofeli[.]com[:]443/template[.]css
  • https[:]//foxofeli[.]com/template[.]css
  • https[:]//theshuaianow[.]xyz/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
  • https[:]//dev[.]cubic-transportation[.]com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
  • https[:]//168[.]61[.]180[.]98/updates[.]rss

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious of emails sent by unknown senders.
  • Search for IOCs in your environment.
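The advisory lists its URLs in defanged form (`[.]`, `[:]`), so a sweep of proxy logs first has to refang them and then compare the request host against each log line. The following is an added example, not Rewterz's own tooling: it refangs the IOCs above, extracts their hostnames, and matches them against constructed Squid-style access log lines (the log lines and client IPs are made up for illustration).

```python
"""Refang the advisory's defanged IOC URLs and sweep proxy log lines for them."""
from urllib.parse import urlparse

# Defanged URLs exactly as listed in the advisory.
DEFANGED_IOCS = [
    "http[:]//foxofeli[.]com[:]443/template[.]css",
    "https[:]//foxofeli[.]com/template[.]css",
    "https[:]//theshuaianow[.]xyz/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
    "https[:]//dev[.]cubic-transportation[.]com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books",
    "https[:]//168[.]61[.]180[.]98/updates[.]rss",
]


def refang(ioc: str) -> str:
    """Undo the common [.] / [:] / hxxp defanging so the value can be matched."""
    return ioc.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http")


def ioc_hosts(iocs) -> set:
    """Extract the bare hostnames (no scheme, port or path) from refanged URLs."""
    return {urlparse(refang(u)).hostname for u in iocs}


# Constructed Squid-style access log lines; not real traffic.
# Fields: timestamp, duration, client, result, bytes, method, target, ...
SAMPLE_LOG = """\
1644480001.123 45 10.0.4.17 TCP_MISS/200 812 GET https://www.example.org/index.html - HIER_DIRECT/93.184.216.34 text/html
1644480002.456 31 10.0.4.22 TCP_MISS/200 4096 GET https://foxofeli.com/template.css - HIER_DIRECT/203.0.113.10 text/css
1644480003.789 12 10.0.4.22 TCP_TUNNEL/200 0 CONNECT 168.61.180.98:443 - HIER_DIRECT/168.61.180.98 -
1644480004.001 40 10.0.4.31 TCP_MISS/200 512 GET https://dev.cubic-transportation.com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books - HIER_DIRECT/203.0.113.11 text/html
"""


def sweep(log_text: str, iocs=DEFANGED_IOCS):
    """Return (client_ip, matched_host) for every log line whose request host is an IOC host."""
    hosts = ioc_hosts(iocs)
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue
        client, target = fields[2], fields[6]
        # GET lines carry a full URL; CONNECT lines carry host:port.
        host = urlparse(target).hostname if "://" in target else target.rsplit(":", 1)[0]
        if host in hosts:
            hits.append((client, host))
    return hits


if __name__ == "__main__":
    for client, host in sweep(SAMPLE_LOG):
        print(f"IOC match: client {client} contacted {host}")
```

Matching on hostname rather than the full URL also catches the CONNECT tunnel to the listed IP, which a literal URL match would miss.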