Aqua Blog

Malware Attacks

HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign

This blog was co-authored by Nitzan Yaakov

Aqua Nautilus researchers discovered a new elusive and severe threat that has been infiltrating and residing on servers worldwide since early September 2021. Known as HeadCrab, this advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by …

Cloud Security Trends for 2023 Part One

As we think about what Cloud Native security will look like in 2023, we can’t avoid thinking about the old cat-and-mouse game cliché of cyber security. Every year new attacks emerge while new security solutions are created and old security fixes are upgraded. Threat actors constantly append new methods to the old …

Threat Alert: New Malware in the Cloud By TeamTNT

Over the past week we observed three different attacks on our honeypots. The scripts and malware that were used bear a striking resemblance to none other than the threat actor TeamTNT. Eleven months ago they posted a farewell note on Twitter. Since then, we have only seen legacy attacks which automatically run on past …

Intro to Fileless Malware in Containers

A fileless attack is a technique that takes incremental steps toward gaining control of your environment while remaining undetected. In a fileless attack, the malware is directly loaded into memory and executed, evading common defenses and static scanning. 

Threat Alert: Fileless Malware Executing in Containers

Our cyber research team detected a new type of attack that executes and runs malware straight from memory in containers, thus evading common defenses and static scanning. This malware is using a rootkit to hide its running processes, then hijacks resources by executing a crypto miner from memory — leaving a backdoor …

Threat Alert: Kinsing Malware Attacks Targeting Container Environments

Lately we’ve been witnessing a rise in the number of attacks that target container environments. We’ve been tracking an organized attack campaign that targets misconfigured open Docker Daemon API ports. This persistent campaign has been going on for months, with thousands of attempts taking place nearly on a daily …
