Complimentary Cloud Identity Threat Briefings

Illustration Cloud

Permiso weighs in on CrowdStrike's LemonDuck malware finding

On April 22, Permiso provided their perspective of CrowdStrike’s recent publication on LemonDuck malware shifting targeting to container and cloud technologies in the CSO Online article “Cryptomining botnet targeting Docker on Linux systems”. While crypto mining malware is not typically perceived as a highly sophisticated operation, this does provide a public example of attackers shifting tactics to take advantage of cloud resources, and general lack of detection tooling and expertise in the cloud.

With this version of LemonDuck malware, the initial infection was focused on the Docker API. One of the more interesting facets of this iteration of LemonDuck beyond the Docker targeting is that it specifically disabled Alibaba’s cloud monitoring service endpoint. Learn more about the campaign and see experts weigh in:

Illustration Cloud

Related Articles

Permiso Offers Complimentary Cloud Identity Threat Briefings in Wake of Okta Breaches

Cloud security company has been researching and detecting attacks against the identity provider control plane for last several years and built over a hundred detections and signals based on known TTPs from advanced threat actor groups PALO ALTO,

Permiso Offers Complimentary Threat Briefings on Scattered Spider

Cloud security company has tracked the threat actor group for the past year and supported several organizations that have been targeted and impacted by recent attacks. The company's goal is to help organizations prevent breaches in cloud

Permiso 2022 - End of Year Observations

In 2022, Permiso's Cloud Detection & Response platform detected a multitude of different security events across client cloud infrastructure environments. In all cases, the detected suspicious and malicious behavior inside of their cloud environments

View more posts