Researchers identify malware that can dismantle cloud security protections


A team of researchers has identified a new kind of malware that, they say, can remove cloud security products.

Researchers from Palo Alto Networks’ Unit 42 said in a report released Thursday that the malware samples they obtained, which are used by a hacking group known as “Rocke,” were able to remove security products from compromised Linux cloud servers.

The Rocke group seeks to mine cryptocurrency and has apparently found ways to disable cloud protections that might otherwise detect its malware, the researchers found.


The report is particularly concerning as more and more private and public groups move toward using the cloud for online data storage purposes. This research indicates that the protections in place could be disabled.

The researchers determined that the malware first gains full administrative control of the security products and then uses each product’s own main administrative control to uninstall it from the server. The code followed publicly available instructions on how to disable the protections.

The report states that products impacted by the malware were developed by two Chinese cloud computing providers that are expanding internationally: Tencent Cloud and Alibaba Cloud. Researchers have been working with both companies to address the issues, they said.

The researchers wrote that those creating malware realized “the existing cloud monitor and security products may detect the possible malware intrusion” and are taking on “new evasion technologies to avoid being detected” by cloud security measures.

The federal government is among those shifting to a more widespread use of the cloud, and last year unveiled a new strategy aimed at getting more agencies to safely take advantage of cloud services.