Kinsing Malware Attacks Analysed

New research proves Kinsing an ongoing threat; discloses evolving tactics and challenges facing organssations worldwide. 

Kinsing malware is a critical threat that primarily targets Linux-based systems, and can infiltrate servers and spread rapidly across a network.  It gains entry by exploiting vulnerabilities in web applications or misconfigured container environments. Now, Aqua Security  has published a new report, Kinsing Exposed: From Myth to Architecture – A Complete Cybersecurity Chronicle.

Kinsing covertly exploits vulnerabilities or misconfigurations in applications, executes infection scripts, deploys cryptominers often concealed by rootkits, and maintains control over servers using the Kinsing malware.This multi-layered approach proves the need for robust cyber security measures to detect, mitigate and prevent repeated  attacks from the malware.   

Aqua Security’s research team, Aqua Nautilus, has invested years of analysis to understanding Kinsing, identifying more than 75 applications actively exploited by Kinsing. The comprehensive report highlights the infrastructure, tactics, techniques and modus operandi of Kinsing and highlights the threat posed by Kinsing to enterprises worldwide.   

Emerging as a cyber security threat in 2019, Kinsing targeted cloud native infrastructure, such as misconfigured APIs, but the threat actor quickly spread attacks across popular cloud native applications globally. 

 Despite efforts to disrupt its activities, Kinsing continues to evolve and adapt, posing a persistent challenge to organizations worldwide. Nautilus found that on average, honeypots were targeted by Kinsing eight times per day, with figures ranging from three to fifty attacks in a 24-hour period.  

Other key findings include:   

Rapid Botnet Vulnerability Integration:  Kinsing has shown repeatedly the ability to swiftly integrate to its botnet exploits of newly discovered vulnerabilities in popular cloud native applications.   

Global Impact:   The Kinsing malware’s reach extends globally, with Shodan scans revealing potentially millions of daily attacks, emphasizing the scale of the threat and the need for international collaboration in defense efforts.  

Diverse Tactics:  The report highlights how Kinsing tailored its campaigns to maximise the impact of each attack. For instance, by tailoring the main payload based on the command interpreter. 

Kinsing is using dedicated scripts that run on `sh` (Shell) command interpreter with basic features on Unix systems, while on systems with `bash`  which is an enhanced version of `sh` that includes additional features - such as command line editing, job control, and improved scripting capabilities.       

“Kinsing’s ongoing campaigns represent its dedication to evolving its operation to add new vulnerabilities and misconfigurations in cloud native environments. This adversary often acts faster de than the defenders and demonstrates the clear and present danger to organisations of all sizes,” commented  Assaf Morag, Director of threat intelligence at Aqua.

“Our report serves as a stark reminder of the pervasive risk posed by Kinsing, and implores the cybersecurity community and leaders, such as Aqua, to remain vigilant and united in the face of this threat.” Morag said. 

Aqua Secuity   |    SCMagazine   |   CyberArk 

Image: Ideogram

You Might Also Read:

Making Open-Source Software Safer:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Is Encryption Falling Out Of Favour?
Britain's Cybersecurity Business Is Booming »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Fieldfisher

Fieldfisher

Fieldfisher's Technology, Outsourcing & Privacy Group has class-leading expertise in privacy, data & cybersecurity, digital media, big data, the cloud, mobile payments and mobile apps.

CyberPolicy

CyberPolicy

CyberPolicy is a cyber protection solution for small businesses. It combines three important components against cyber threats - Cyber Plan, Cybersecurity and Cyber Insurance.

Center for Cyber Safety and Education

Center for Cyber Safety and Education

The Center for Cyber Safety and Education works to ensure that people across the globe have a positive and safe experience online through our educational programs, scholarships, and research.

Search Guard

Search Guard

Search Guard® is an Open Source security suite for #Elasticsearch and the entire #ELK stack that offers encryption, authentication, authorization, audit logging and multi tenancy.

Cytelligence

Cytelligence

Cytelligence is a cyber security consulting company with deep expertise in Cyber Breach Response, Cyber Breach Investigations, and Digital Forensics.

ArcRan Information Technology

ArcRan Information Technology

ArcRan concentrates on developing comprehensive cybersecurity solutions for smart city applications. We believe that cybersecurity is the fundamental enabler of IoT development.

WWPass

WWPass

WWPass is a global cybersecurity company that provides password-less authentication and client-side encryption technology.

Qrator Labs

Qrator Labs

Qrator Labs is a leader in DDoS attack mitigation, helping organizations protect their websites from the most harmful, sophisticated DDoS attacks.

Razorpoint Cybersecurity

Razorpoint Cybersecurity

Razorpoint’s world-class security experts have provided advanced, effective cybersecurity expertise to corporate and public-sector organizations around the world.

Kiberna

Kiberna

Kiberna are a small but niche company specialising in data driven security to manage your cyber risks.

e5 Lab

e5 Lab

e5 Lab seeks to develop solutions to challenges faced by the shipping industry including digital transformation, autonomous technologies and big data in order to promote safe and efficient operations.

Aleo

Aleo

Aleo is building the world's leading developer platform for enabling absolute privacy on blockchains.

Gulf Business Machines (GBM)

Gulf Business Machines (GBM)

GBM is a leading end-to-end digital solutions provider, offering the broadest portfolio, including industry-leading digital infrastructure, digital business solutions, security and services.

Lansweeper

Lansweeper

Lansweeper is an IT Asset Management platform provider helping businesses better understand, manage and protect their IT devices and network.

OneStep Group

OneStep Group

OneStep Group are a leading Australian provider of information and communications technology (ICT) services, connecting businesses through technology solutions and support.

Skillfield

Skillfield

Skillfield is a Melbourne based Cyber Security and Data Services consultancy and professional services company.