Kinsing Malware Attacks Analysed

Uploaded on 2024-06-12 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Hackers

New research proves Kinsing an ongoing threat; discloses evolving tactics and challenges facing organssations worldwide. 

Kinsing malware is a critical threat that primarily targets Linux-based systems, and can infiltrate servers and spread rapidly across a network.  It gains entry by exploiting vulnerabilities in web applications or misconfigured container environments. Now, Aqua Security  has published a new report, Kinsing Exposed: From Myth to Architecture – A Complete Cybersecurity Chronicle.

Kinsing covertly exploits vulnerabilities or misconfigurations in applications, executes infection scripts, deploys cryptominers often concealed by rootkits, and maintains control over servers using the Kinsing malware.This multi-layered approach proves the need for robust cyber security measures to detect, mitigate and prevent repeated  attacks from the malware.   

Aqua Security’s research team, Aqua Nautilus, has invested years of analysis to understanding Kinsing, identifying more than 75 applications actively exploited by Kinsing. The comprehensive report highlights the infrastructure, tactics, techniques and modus operandi of Kinsing and highlights the threat posed by Kinsing to enterprises worldwide.   

Emerging as a cyber security threat in 2019, Kinsing targeted cloud native infrastructure, such as misconfigured APIs, but the threat actor quickly spread attacks across popular cloud native applications globally. 

 Despite efforts to disrupt its activities, Kinsing continues to evolve and adapt, posing a persistent challenge to organizations worldwide. Nautilus found that on average, honeypots were targeted by Kinsing eight times per day, with figures ranging from three to fifty attacks in a 24-hour period.  

Other key findings include:   

Rapid Botnet Vulnerability Integration:  Kinsing has shown repeatedly the ability to swiftly integrate to its botnet exploits of newly discovered vulnerabilities in popular cloud native applications.   

Global Impact:   The Kinsing malware’s reach extends globally, with Shodan scans revealing potentially millions of daily attacks, emphasizing the scale of the threat and the need for international collaboration in defense efforts.  

Diverse Tactics:  The report highlights how Kinsing tailored its campaigns to maximise the impact of each attack. For instance, by tailoring the main payload based on the command interpreter. 

Kinsing is using dedicated scripts that run on `sh` (Shell) command interpreter with basic features on Unix systems, while on systems with `bash`  which is an enhanced version of `sh` that includes additional features - such as command line editing, job control, and improved scripting capabilities.       

“Kinsing’s ongoing campaigns represent its dedication to evolving its operation to add new vulnerabilities and misconfigurations in cloud native environments. This adversary often acts faster de than the defenders and demonstrates the clear and present danger to organisations of all sizes,” commented  Assaf Morag, Director of threat intelligence at Aqua.

“Our report serves as a stark reminder of the pervasive risk posed by Kinsing, and implores the cybersecurity community and leaders, such as Aqua, to remain vigilant and united in the face of this threat.” Morag said. 

Aqua Secuity   |    SCMagazine   |   CyberArk 

Image: Ideogram

You Might Also Read:

Making Open-Source Software Safer:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Is Encryption Falling Out Of Favour?
Britain's Cybersecurity Business Is Booming »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Global Learning Systems (GLS)

Global Learning Systems (GLS)

Global Learning Systems provides security awareness and compliance training programs for employees that effectively promote behavior change and protect your organization.

BPC Banking Technologies

BPC Banking Technologies

BPC’s advanced fraud prevention solution helps card issuers and acquirers combat the growing threat by monitoring 100% of transactions, online, in real-time across all channels.

CTM360

CTM360

CTM360® is a Cyber Security subscription service offering 24 x 7 x 365 Cyber Threat Management for detecting and responding to cyber threats.

SEEK

SEEK

SEEK create world-class technology solutions to address the needs of job seekers and hirers across multiple sectors including cybersecurity.

Dualog

Dualog

Dualog provides a maritime digital platform which ensures that services work reliably and securely onboard.

SpyCloud

SpyCloud

SpyCloud is a leader in account takeover (ATO) prevention, protecting billions of consumer and employee accounts either directly or through product integrations.

Specops Software

Specops Software

Specops Software is a leading password management and authentication solution vendor.

Abacode

Abacode

Abacode is a Managed Security Services Provider (MSSP). We help businesses consolidate all of their Regulatory Compliance & Cybersecurity needs, under one roof.

SECURITI.ai

SECURITI.ai

SECURITI.ai's PrivacyOps platform is a full-stack solution that operationalizes and simplifies privacy compliance using robotic automation and a natural language interface.

GreyNoise Intelligence

GreyNoise Intelligence

GreyNoise Intelligence is a cyber security company that collects, labels, and analyzes Internet-wide scan and attack data.

Eaton

Eaton

Eaton provides comprehensive cybersecurity services for operational technology (OT) to help keep your operations and personnel safe.

State Service of Special Communications & Information Protection of Ukraine (SSSCIP)

State Service of Special Communications & Information Protection of Ukraine (SSSCIP)

State Service of Special Communications and Information Protection is the technical security and intelligence service of Ukraine, under the control of the President of Ukraine.

Zeva

Zeva

Zeva solves complex identity and encryption challenges for the federal government and corporations around the globe.

Digital Edge

Digital Edge

Digital Edge provides unparalleled Managed Cloud Solutions, as well as superior Information Technology Support Services.

endpointX

endpointX

endpointX is a preventative cyber security company. We help companies minimize their risk of breach by improving cyber hygiene.

MergeBase

MergeBase

Reduce software supply chain risk with MergeBase proven Software Composition Analysis (SCA).