Permiso weighs in on CrowdStrike's LemonDuck malware finding

On April 22, Permiso provided its perspective on CrowdStrike’s recent publication about LemonDuck malware shifting its targeting to container and cloud technologies, in the CSO Online article “Cryptomining botnet targeting Docker on Linux systems”. While cryptomining malware is not typically perceived as a highly sophisticated operation, this does provide a public example of attackers shifting tactics to take advantage of cloud resources and of the general lack of detection tooling and expertise in the cloud.

With this version of LemonDuck, the initial infection focused on the Docker API. Beyond the Docker targeting, one of the more interesting facets of this iteration is that it specifically disabled Alibaba’s cloud monitoring service endpoint. Learn more about the campaign and see experts weigh in:
