DEV Community: Katarina992

AWS’s Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation

Katarina992 — Mon, 18 Sep 2023 15:32:18 +0000

🚨 New cloud threat alert! 🚨

The Sysdig Threat Research Team has exposed AMBERSQUID 🦑, a stealthy #CloudNative cryptojacking operation exploiting multiple lesser-known #AWS services and costing victims over $10,000/day. Unlike a typical #cyberattack, AMBERSQUID flies under the radar by exploiting multiple services simultaneously — complicating incident response.

Dive into the details of this stealthy yet costly attack! 👇

https://sysdig.com/blog/ambersquid/

SCARLETEEL 2.0: Fargate, Kubernetes, and Crypto

Katarina992 — Tue, 11 Jul 2023 13:33:08 +0000

SCARLETEEL, an operation reported on by the Sysdig Threat Research Team last February, continues to thrive, improve tactics, and steal proprietary data. AWS Fargate, a more sophisticated environment to breach, has also become a target as their new attack tools allow them to operate within that environment.

In their most recent activities, we saw a similar strategy to what was reported in the previous blog: compromise AWS accounts through exploiting vulnerable compute services, gain persistence, and attempt to make money using cryptominers. Had we not thwarted their attack, our conservative estimate is that their mining would have cost over $4,000 per day until stopped.

Cloud Defense in Depth: Lessons from the Kinsing Malware

Katarina992 — Wed, 05 Jul 2023 15:20:12 +0000

https://sysdig.com/blog/cloud-defense-in-depth/

Bypassing Network Detection with Graftcp

Katarina992 — Wed, 08 Mar 2023 11:06:14 +0000

A new network open source tool called graftcp (GitHub page) has been discovered in everyday attacks by the Sysdig Threat Research Team (TRT). Nowadays, threat actors try to improve their techniques by using new tools (as we mentioned in the PRoot article) to enhance the compatibility of their code to hit as many targets as possible and hide their traces properly.

(https://sysdig.com/blog/bypassing-network-detection-with-graftcp/)

Understanding Kubernetes Pod Pending Problems

Katarina992 — Fri, 16 Sep 2022 12:39:43 +0000

Kubernetes pod pending is ubiquitous in every cluster, even in different levels of maturity.

If you ask any random DevOps engineer using Kubernetes to identify the most common error that torments their nightmares, a deployment with pending pods is near the top of their list (maybe only second to CrashLoopBackOff).

Trying to push an update and seeing it stuck can make DevOps nervous. Even when the solution is fairly easy, finding the cause of a pod pending and understanding the changes you need to apply can be important (Kubernetes troubleshooting is rarely trivial).

In this article, we cast some light on the different situations that cause this issue, allowing DevOps teams to find the solution quickly and, best of all, avoid it as much as possible.

Read it here: https://sysdig.com/blog/kubernetes-pod-pending-problems/