
Unit 42, the malware specialists at security vendor Palo Alto Networks, have for the first time discovered malware that specifically targets cloud security applications and is able to remove them.

Security applications for public cloud environments appear to be less secure than expected. According to the malware specialists at the U.S. security vendor, this is the first time they have come across malware that specifically targets security applications for public cloud environments.

Cloud security of public cloud environments

The Rocke hacker group attacked five cloud security products for the Chinese public cloud environments Tencent Cloud and Alibaba Cloud. In the attack, the attackers first gained full administrative control over the hosts and then abused that control to remove these products. The code used by the hackers was a variant of Linux coin-mining malware.

The Unit 42 malware specialists at Palo Alto Networks also pointed out that the attacked cloud security products were not themselves compromised; rather, the attackers were able to remove them in the same way an administrator could.

Main conclusions

The most important conclusion Unit 42 draws from this example is that public cloud environments are increasingly of interest to malicious parties and that this attack is a first signal of what is still to come.

Another conclusion is that, now that attacks are specifically being carried out against security applications for public cloud environments, agent-based cloud security products are no longer sufficient to detect and combat evasive malware. In short, those responsible for securing public cloud environments will face more challenges in the near future.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.