Wednesday, Feb 26th

Crypto-mining malware uninstalls cloud security software

Researchers from Palo Alto Networks have discovered new crypto-mining malware that performs a previously unseen function: it uninstalls cloud security products.

In a report published last week, the company's Unit 42 global threat intelligence team claimed this malware family is unique in its ability to uninstall cloud-security products from targeted systems once it has gained admin rights on them.

The coin-mining malware is used by the Rocke group, also known as the Iron group, which is associated with the Xbash malware. The group, which has become infamous for its ransomware campaigns, uses code that has both ransomware and coin-mining capability.

Moreover, it has characteristics of both a botnet and a worm, since it can replicate itself, much like the notorious WannaCry and Petya/NotPetya malware.

During analysis, the researchers discovered the samples used by the Iron group employed new code to uninstall five different cloud security protection and monitoring products from compromised servers.

The attacks did not compromise any of these security products. Instead, the malware initially gained full administrative control over the hosts and then misused that control to uninstall these products in the same way a legitimate administrator would be able to.

The products in question were developed by Tencent Cloud and Alibaba Cloud (Aliyun), the two main cloud providers in China that are both expanding worldwide.

"To the best of our knowledge, this is the first malware family that developed the unique capability to target and remove cloud security products," says Palo Alto.

Unit 42 has been working with Tencent Cloud and Alibaba Cloud to address this malware evasion problem.

Public cloud infrastructure is one of the main targets for this specific cyber crime group, the company adds. "Realising the existing cloud monitor and security products may detect the possible malware intrusion, malware authors continue to create new evasion technologies to avoid being detected by cloud security product."

According to Palo Alto, this new malware employed by the Iron group highlights the fact that agent-based cloud security solutions may not be enough to stop evasive malware targeted at public cloud infrastructure.
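As an added illustration of the detection gap the report describes (this is not code from Palo Alto Networks, Tencent Cloud or Alibaba Cloud): because the agent is removed with legitimate admin rights, the host itself raises no alert, so the silence has to be noticed from outside, by a control-plane check that correlates agent heartbeats with instance liveness. The telemetry format, host names and the nine-minute threshold are constructed assumptions for this example.

```python
# Added example: flag hosts that stay alive while their security agent goes
# quiet. Telemetry format, host names and thresholds are constructed here.
from datetime import datetime, timedelta

# Constructed sample feed, one event per line: "<iso time> <kind> <host>".
# "host-up" = instance-level liveness seen by the cloud control plane;
# "agent-hb" = heartbeat sent by the host-based security agent.
SAMPLE_LOG = """\
2020-01-01T10:00:00 host-up web-01
2020-01-01T10:00:00 agent-hb web-01
2020-01-01T10:00:00 host-up db-02
2020-01-01T10:00:00 agent-hb db-02
2020-01-01T10:05:00 host-up web-01
2020-01-01T10:05:00 agent-hb web-01
2020-01-01T10:05:00 host-up db-02
2020-01-01T10:10:00 host-up web-01
2020-01-01T10:10:00 agent-hb web-01
2020-01-01T10:10:00 host-up db-02
2020-01-01T10:15:00 host-up web-01
2020-01-01T10:15:00 agent-hb web-01
2020-01-01T10:15:00 host-up db-02
2020-01-01T10:15:00 host-up batch-03
"""

def parse(log):
    """Yield (timestamp, kind, host) tuples from the feed."""
    for line in log.splitlines():
        ts, kind, host = line.split()
        yield datetime.fromisoformat(ts), kind, host

def silent_agents(log, max_gap_min=9):
    """Return {host: minutes of agent silence} for hosts whose last liveness
    event is more than max_gap_min after their last agent heartbeat; a host
    that never produced a heartbeat is reported with None."""
    last_hb, last_up = {}, {}
    for ts, kind, host in parse(log):
        (last_hb if kind == "agent-hb" else last_up)[host] = ts
    findings = {}
    for host, up in last_up.items():
        hb = last_hb.get(host)
        if hb is None:
            findings[host] = None          # agent never checked in at all
        elif up - hb > timedelta(minutes=max_gap_min):
            findings[host] = int((up - hb).total_seconds() // 60)
    return findings

if __name__ == "__main__":
    for host, gap in silent_agents(SAMPLE_LOG).items():
        print(f"ALERT {host}: host alive, agent silent ({gap} min)")
```

In the sample feed, db-02 keeps answering liveness probes after its agent stops reporting at 10:00, which is exactly the pattern a removed agent leaves behind, while batch-03 never had a working agent at all.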
