Kinsing Malware Attacks Analysed

New research proves Kinsing is an ongoing threat, and discloses its evolving tactics and the challenges facing organisations worldwide.

Kinsing malware is a critical threat that primarily targets Linux-based systems, and can infiltrate servers and spread rapidly across a network. It gains entry by exploiting vulnerabilities in web applications or misconfigured container environments. Now, Aqua Security has published a new report, Kinsing Exposed: From Myth to Architecture – A Complete Cybersecurity Chronicle.

Kinsing covertly exploits vulnerabilities or misconfigurations in applications, executes infection scripts, deploys cryptominers often concealed by rootkits, and maintains control over servers using the Kinsing malware. This multi-layered approach proves the need for robust cyber security measures to detect, mitigate and prevent repeated attacks from the malware.

Aqua Security’s research team, Aqua Nautilus, has invested years of analysis in understanding Kinsing, identifying more than 75 applications actively exploited by Kinsing. The comprehensive report details the infrastructure, tactics, techniques and modus operandi of Kinsing and highlights the threat it poses to enterprises worldwide.

Emerging as a cyber security threat in 2019, Kinsing targeted cloud native infrastructure, such as misconfigured APIs, but the threat actor quickly spread attacks across popular cloud native applications globally. 

 Despite efforts to disrupt its activities, Kinsing continues to evolve and adapt, posing a persistent challenge to organizations worldwide. Nautilus found that on average, honeypots were targeted by Kinsing eight times per day, with figures ranging from three to fifty attacks in a 24-hour period.  

Other key findings include:   

Rapid Botnet Vulnerability Integration: Kinsing has repeatedly shown the ability to swiftly integrate exploits for newly discovered vulnerabilities in popular cloud native applications into its botnet.

Global Impact: The Kinsing malware’s reach extends globally, with Shodan scans revealing potentially millions of daily attacks, emphasizing the scale of the threat and the need for international collaboration in defense efforts.

Diverse Tactics: The report highlights how Kinsing tailored its campaigns to maximise the impact of each attack, for instance by tailoring the main payload based on the command interpreter.

Kinsing is using dedicated scripts that run on `sh` (Shell) command interpreter with basic features on Unix systems, while on systems with `bash`  which is an enhanced version of `sh` that includes additional features - such as command line editing, job control, and improved scripting capabilities.       

“Kinsing’s ongoing campaigns represent its dedication to evolving its operation to add new vulnerabilities and misconfigurations in cloud native environments. This adversary often acts faster than the defenders and demonstrates the clear and present danger to organisations of all sizes,” commented Assaf Morag, Director of threat intelligence at Aqua.

“Our report serves as a stark reminder of the pervasive risk posed by Kinsing, and implores the cybersecurity community and leaders, such as Aqua, to remain vigilant and united in the face of this threat,” Morag said.

Aqua Security | SCMagazine | CyberArk
