Kinsing Malware Attacks Analysed

Uploaded on 2024-06-12 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Hackers

New research proves Kinsing an ongoing threat; discloses evolving tactics and challenges facing organssations worldwide. 

Kinsing malware is a critical threat that primarily targets Linux-based systems, and can infiltrate servers and spread rapidly across a network.  It gains entry by exploiting vulnerabilities in web applications or misconfigured container environments. Now, Aqua Security  has published a new report, Kinsing Exposed: From Myth to Architecture – A Complete Cybersecurity Chronicle.

Kinsing covertly exploits vulnerabilities or misconfigurations in applications, executes infection scripts, deploys cryptominers often concealed by rootkits, and maintains control over servers using the Kinsing malware.This multi-layered approach proves the need for robust cyber security measures to detect, mitigate and prevent repeated  attacks from the malware.   

Aqua Security’s research team, Aqua Nautilus, has invested years of analysis to understanding Kinsing, identifying more than 75 applications actively exploited by Kinsing. The comprehensive report highlights the infrastructure, tactics, techniques and modus operandi of Kinsing and highlights the threat posed by Kinsing to enterprises worldwide.   

Emerging as a cyber security threat in 2019, Kinsing targeted cloud native infrastructure, such as misconfigured APIs, but the threat actor quickly spread attacks across popular cloud native applications globally. 

 Despite efforts to disrupt its activities, Kinsing continues to evolve and adapt, posing a persistent challenge to organizations worldwide. Nautilus found that on average, honeypots were targeted by Kinsing eight times per day, with figures ranging from three to fifty attacks in a 24-hour period.  

Other key findings include:   

Rapid Botnet Vulnerability Integration:  Kinsing has shown repeatedly the ability to swiftly integrate to its botnet exploits of newly discovered vulnerabilities in popular cloud native applications.   

Global Impact:   The Kinsing malware’s reach extends globally, with Shodan scans revealing potentially millions of daily attacks, emphasizing the scale of the threat and the need for international collaboration in defense efforts.  

Diverse Tactics:  The report highlights how Kinsing tailored its campaigns to maximise the impact of each attack. For instance, by tailoring the main payload based on the command interpreter. 

Kinsing is using dedicated scripts that run on `sh` (Shell) command interpreter with basic features on Unix systems, while on systems with `bash`  which is an enhanced version of `sh` that includes additional features - such as command line editing, job control, and improved scripting capabilities.       

“Kinsing’s ongoing campaigns represent its dedication to evolving its operation to add new vulnerabilities and misconfigurations in cloud native environments. This adversary often acts faster de than the defenders and demonstrates the clear and present danger to organisations of all sizes,” commented  Assaf Morag, Director of threat intelligence at Aqua.

“Our report serves as a stark reminder of the pervasive risk posed by Kinsing, and implores the cybersecurity community and leaders, such as Aqua, to remain vigilant and united in the face of this threat.” Morag said. 

Aqua Secuity   |    SCMagazine   |   CyberArk 

Image: Ideogram

You Might Also Read:

Making Open-Source Software Safer:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Is Encryption Falling Out Of Favour?
Britain's Cybersecurity Business Is Booming »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

RevenueStream

RevenueStream

RevenueStream uses an innovative algorithmic approach to intercept and prevent payment fraud before it even happens.

Sensible Vision

Sensible Vision

SensibleVision helps organizations transparently protect data and prevent costly security breaches by constantly verifying the identities of people who use computers or mobile devices.

Mantix4

Mantix4

Mantix4’s M4 Cyber Threat Hunting Platform actively defends against cyber threats.

Improsec

Improsec

Improsec is a fully independent Cyber Security advisory company - we provide knowledge, experience and both strategic and deep technical expertise to our clients.

SecurityGate

SecurityGate

SecurityGate.io is the only Integrated Risk Management platform built for OT/ICS cybersecurity. The leading Risk Assessment Platform for Critical Infrastructure.

AnaVation

AnaVation

AnaVation is a trusted partner delivering high-value, cost-effective solutions that solve the most complex technical and analytical problems for our customers.

Elisity

Elisity

Elisity Cognitive Trust is a new security paradigm that combines Zero Trust Network Access and an AI-enabled Software Defined Perimeter.

du

du

du is a telecommunications service provider providing UAE businesses with a vast range of ICT and managed services.

Prelude

Prelude

Prelude offer the first autonomous platform built to attack, defend and train critical assets through continuous red-teaming.

CloudWave

CloudWave

CloudWave, the expert in healthcare data security, provides cloud, cybersecurity, and managed services to healthcare organizations.

Cygna Labs

Cygna Labs

Cygna Labs is a software developer and one of the top three global DDI (DNS, DHCP, and IP address management) vendors.

Rescana

Rescana

Rescana offers a cyber risk management platform with the vision to remove the security team bottlenecks, accelerating business processes that require risk assessment.

TAFEcyber

TAFEcyber

TAFEcyber is an Australian based consortium focusing on the skilling of the fast-growing cyber security workforce through education and training.

Klarytee

Klarytee

Protect your data wherever it goes. Klarytee is a SaaS platform that builds security into sensitive content to enable granular control in AI, public cloud and SaaS.

Cloudaeris

Cloudaeris

Cloudaeris is a trusted Microsoft Partner, and we've got what it takes to make your business more efficient and agile.

Redapt

Redapt

Redapt is an end-to-end technology solutions provider that brings clarity to a dynamic technical environment.