Cado Security has published new research on an emerging malware campaign. The campaign predominantly targets misconfigured, internet-facing servers running Apache Hadoop YARN, Confluence, Docker or Redis.
The research documents the exploitation not of a single service but of several services commonly deployed in cloud environments. It also shows the attackers repurposing published security research in their attacks and using the open-source Platypus reverse shell to maintain access to compromised hosts.
The report suggests that the attackers are investing time and resources in cataloguing the web-facing services typically found in cloud environments, and are then exploiting misconfigurations and vulnerabilities in those services. Taken together, the research shows that malware operators have multiple initial-access techniques at their disposal when targeting cloud environments.