Kinsing Malware Attacks Analysed

Uploaded on 2024-06-12 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Hackers

New research proves Kinsing an ongoing threat; discloses evolving tactics and challenges facing organssations worldwide. 

Kinsing malware is a critical threat that primarily targets Linux-based systems, and can infiltrate servers and spread rapidly across a network.  It gains entry by exploiting vulnerabilities in web applications or misconfigured container environments. Now, Aqua Security  has published a new report, Kinsing Exposed: From Myth to Architecture – A Complete Cybersecurity Chronicle.

Kinsing covertly exploits vulnerabilities or misconfigurations in applications, executes infection scripts, deploys cryptominers often concealed by rootkits, and maintains control over servers using the Kinsing malware.This multi-layered approach proves the need for robust cyber security measures to detect, mitigate and prevent repeated  attacks from the malware.   

Aqua Security’s research team, Aqua Nautilus, has invested years of analysis to understanding Kinsing, identifying more than 75 applications actively exploited by Kinsing. The comprehensive report highlights the infrastructure, tactics, techniques and modus operandi of Kinsing and highlights the threat posed by Kinsing to enterprises worldwide.   

Emerging as a cyber security threat in 2019, Kinsing targeted cloud native infrastructure, such as misconfigured APIs, but the threat actor quickly spread attacks across popular cloud native applications globally. 

 Despite efforts to disrupt its activities, Kinsing continues to evolve and adapt, posing a persistent challenge to organizations worldwide. Nautilus found that on average, honeypots were targeted by Kinsing eight times per day, with figures ranging from three to fifty attacks in a 24-hour period.  

Other key findings include:   

Rapid Botnet Vulnerability Integration:  Kinsing has shown repeatedly the ability to swiftly integrate to its botnet exploits of newly discovered vulnerabilities in popular cloud native applications.   

Global Impact:   The Kinsing malware’s reach extends globally, with Shodan scans revealing potentially millions of daily attacks, emphasizing the scale of the threat and the need for international collaboration in defense efforts.  

Diverse Tactics:  The report highlights how Kinsing tailored its campaigns to maximise the impact of each attack. For instance, by tailoring the main payload based on the command interpreter. 

Kinsing is using dedicated scripts that run on `sh` (Shell) command interpreter with basic features on Unix systems, while on systems with `bash`  which is an enhanced version of `sh` that includes additional features - such as command line editing, job control, and improved scripting capabilities.       

“Kinsing’s ongoing campaigns represent its dedication to evolving its operation to add new vulnerabilities and misconfigurations in cloud native environments. This adversary often acts faster de than the defenders and demonstrates the clear and present danger to organisations of all sizes,” commented  Assaf Morag, Director of threat intelligence at Aqua.

“Our report serves as a stark reminder of the pervasive risk posed by Kinsing, and implores the cybersecurity community and leaders, such as Aqua, to remain vigilant and united in the face of this threat.” Morag said. 

Aqua Secuity   |    SCMagazine   |   CyberArk 

Image: Ideogram

You Might Also Read:

Making Open-Source Software Safer:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Is Encryption Falling Out Of Favour?
Britain's Cybersecurity Business Is Booming »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

iLand

iLand

iland is a global cloud service provider of secure and compliant hosting for infrastructure (IaaS), disaster recovery (DRaaS), and backup as a service (BaaS).

L J Kushner & Associates

L J Kushner & Associates

L.J. Kushner is a leading Information Security recruiting firm.

VKANSEE

VKANSEE

VKANSEE offer the world's thinnest optical fingerprint sensor for mobile device protection.

Air Informatics

Air Informatics

Air Informatics LLC provides security, information management, analytics and informatics for IT and wirelessly enabled airplanes and operations.

Featurespace

Featurespace

Featurespace is a world-leader in Adaptive Behavioural Analytics and creator of the ARIC platform for fraud and risk management.

ISMS Accreditation Center (ISMS-AC)

ISMS Accreditation Center (ISMS-AC)

ISMS-AC is the national accreditation body for Japan. The directory of members provides details of organisations offering certification services for ISO 27001.

Knowledge Transfer Network (KTN)

Knowledge Transfer Network (KTN)

KTN links new ideas and opportunities with expertise, markets and finance through our network of businesses, universities, funders and investors.

Aristi Labs

Aristi Labs

Aristi Labs provides comprehensive security solutions to help businesses protect data and intellectual property, minimizing downtime and maximizing productivity.

Syracom

Syracom

syracom is a consultancy firm specialized in development of efficient business processes. With our expertise and IT competence, we develop tailored solutions for customers in various industries.

tTech

tTech

tTech is the first and foremost company providing outsourced Information Technology solutions to businesses in Jamaica.

PKI Solutions

PKI Solutions

PKI Solutions offers Public Key Infrastructure (PKI) products, services, and training to help ensure the security of organizations now and in the future.

Sealing Technologies (SealingTech)

Sealing Technologies (SealingTech)

SealingTech is a leader in cutting edge research, products, engineering, and integration services in the Internet of Things, Edge, Machine Learning, Artificial Intelligence, and Cloud.

Techsolidity

Techsolidity

Techsolidity is an emerging e-learning platform that offers a wide range of upskilling programs worldwide in areas including cybersecurity.

SecurEyes

SecurEyes

SecurEyes is a leading cybersecurity firm that provides specialised services, including cybersecurity assessments, managed services, and governance risk and compliance services.

CoGuard

CoGuard

CoGuard is a patented solution that uses AI driven automation to provide fast, cost effective white-box penetration testing, infrastructure audits and infrastructure design services.

Metrodata Group

Metrodata Group

PT. Metrodata Electronics, known as Metrodata Group, is the leading information communication technology company in Indonesia.