Cloud Tales Episode 02 Featuring Will Bengtson (VP of Security Engineering at HashiCorp)

Illustration Cloud

Permiso weighs in on CrowdStrike's LemonDuck malware finding

On April 22, Permiso provided their perspective of CrowdStrike’s recent publication on LemonDuck malware shifting targeting to container and cloud technologies in the CSO Online article “Cryptomining botnet targeting Docker on Linux systems”. While crypto mining malware is not typically perceived as a highly sophisticated operation, this does provide a public example of attackers shifting tactics to take advantage of cloud resources, and general lack of detection tooling and expertise in the cloud.

With this version of LemonDuck malware, the initial infection was focused on the Docker API. One of the more interesting facets of this iteration of LemonDuck beyond the Docker targeting is that it specifically disabled Alibaba’s cloud monitoring service endpoint. Learn more about the campaign and see experts weigh in:

Illustration Cloud

Related Articles

Permiso Launches Cloud Console Cartographer to Help Security Teams Make Sense of Console Activity in Cloud Logs

The open-source tool helps security teams easily transcribe log activity generated from events of AWS console sessions

Permiso Raises $18.5M Series A To Unify Threat Detection and Response In The Cloud

Permiso’s product offers a deep library of detection signals from known TTPs of modern threat actors and spans coverage across the cloud’s attack surface to detect threats in the cloud more quickly than ever

Permiso Launches CloudGrappler To Help Security Teams Better Detect Threat Actors In Their Cloud Environments

Free open source tool detects activity in cloud environments related to well-known threat actors such as LUCR-3 (Scattered Spider), the group responsible for MGM and Caesars breaches last September

View more posts