VMware | February 09, 2022
As the most common cloud operating system, Linux is a core part of digital infrastructure and is quickly becoming an attacker’s ticket into a multi-cloud environment. Current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks that target Linux-based workloads.
VMware, Inc. released a threat report titled “Exposing Malware in Linux-based Multi-Cloud Environments.” Key findings that detail how cybercriminals are using malware to target Linux-based operating systems include:
Ransomware is evolving to target Linux host images used to spin workloads in virtualized environments;
89 percent of the cryptominers analyzed use XMRig-related libraries; and
More than half of Cobalt Strike users may be cybercriminals, or at least using Cobalt Strike illicitly.
“Cybercriminals are dramatically expanding their scope and adding malware that targets Linux-based operating systems to their attack toolkit in order to maximize their impact with as little effort as possible. Rather than infecting an endpoint and then navigating to a higher value target, cybercriminals have discovered that compromising a single server can deliver the massive payoff and access they’re looking for. Attackers view both public and private clouds as high-value targets due to the access they provide to critical infrastructure services and confidential data. Unfortunately, current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks on Linux-based operating systems.”
Giovanni Vigna, senior director of threat intelligence at VMware
As malware targeting Linux-based operating systems increases in both volume and complexity amid a rapidly changing threat landscape, organizations must place a greater priority on threat detection. In this report, the VMware Threat Analysis Unit (TAU) analyzed the threats to Linux-based operating systems in multi-cloud environments: ransomware, cryptominers, and remote access tools.
Ransomware Targets the Cloud to Inflict Maximum Damage
Ransomware is one of the leading causes of breaches for organizations, and a successful ransomware attack on a cloud environment can have devastating consequences. Ransomware attacks against cloud deployments are targeted and are often combined with data exfiltration in a double-extortion scheme that improves the attacker’s odds of being paid. A newer development is ransomware that targets the Linux host images used to spin up workloads in virtualized environments: attackers look for the most valuable assets in the cloud environment so that a single encryption run inflicts the maximum amount of damage. Examples include the Defray777 ransomware family, which encrypted host images on ESXi servers, and the DarkSide ransomware family, which crippled Colonial Pipeline’s networks and caused widespread gasoline shortages in the eastern U.S.
Cryptojacking Attacks Use XMRig to Mine Monero
Cybercriminals looking for an instant monetary reward often target cryptocurrencies in one of two ways: they either include wallet-stealing functionality in their malware, or they monetize stolen CPU cycles by mining cryptocurrency on the victim’s hardware, an attack known as cryptojacking. Most cryptojacking attacks mine Monero (XMR), and VMware TAU found that 89 percent of the cryptominers it analyzed used XMRig-related libraries. XMRig itself is legitimate open-source mining software, so the presence of XMRig-specific libraries and modules in a Linux binary does not prove malice on its own; on a server where nobody authorized mining, however, it is strong evidence of malicious cryptomining and a worthwhile static indicator. VMware TAU also observed that defense evasion is the tactic most commonly employed by these cryptominers. Because cryptojacking does not visibly disrupt operations the way ransomware does, it is considerably harder to detect and can run undiscovered for long periods.
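The heuristic just described, XMRig-specific strings inside a Linux ELF binary as an indicator of cryptomining, can be implemented as a small static scan. The following Python script is an added example written for this page; it is not VMware TAU’s tooling, and the report does not publish its detection logic. The indicator list (strings such as `stratum+tcp://`, `donate-level` and `randomx` that XMRig builds commonly embed), the scoring thresholds, and both sample buffers are assumptions constructed here; the Monero address pattern (95 base58 characters beginning with 4 or 8) is the standard-address format.

```python
"""Static scan of Linux ELF binaries for XMRig-related indicator strings.

Added example for this page, not VMware TAU code.  The indicator list and
the two embedded sample buffers are constructed assumptions; a real scan
would be run over files collected from the workload (see scan_file).
"""
import re
from typing import Dict, List

ELF_MAGIC = b"\x7fELF"

# Assumed indicators: strings commonly present in XMRig and XMRig-derived
# miners (pool URL schemes, CLI options, algorithm names, the project name).
XMRIG_INDICATORS: List[bytes] = [
    b"xmrig",
    b"stratum+tcp://",
    b"stratum+ssl://",
    b"donate-level",
    b"donate.v2.xmrig.com",
    b"randomx",
    b"cryptonight",
    b"cpu-max-threads-hint",
]

# Monero standard address: '4' or '8' followed by 94 base58 characters,
# not adjacent to other base58 characters (avoids matching inside longer runs).
MONERO_ADDR = re.compile(
    rb"(?<![1-9A-HJ-NP-Za-km-z])[48][1-9A-HJ-NP-Za-km-z]{94}(?![1-9A-HJ-NP-Za-km-z])"
)

# Runs of 6+ printable ASCII bytes, equivalent to `strings -n 6`.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")


def is_elf(data: bytes) -> bool:
    """True if the buffer carries the ELF magic; anything else is skipped."""
    return data[:4] == ELF_MAGIC


def printable_strings(data: bytes) -> List[bytes]:
    """Extract printable runs from a raw buffer (no section parsing needed)."""
    return PRINTABLE_RUN.findall(data)


def scan_for_xmrig(data: bytes) -> Dict[str, object]:
    """Return indicators, wallet addresses and a verdict for one buffer.

    Verdict thresholds are an assumption: the project name alone, or two
    independent indicators, is treated as evidence of an embedded miner.
    """
    result: Dict[str, object] = {
        "is_elf": is_elf(data), "indicators": [], "wallets": [], "verdict": "not-elf",
    }
    if not result["is_elf"]:
        return result

    found: Dict[str, str] = {}  # indicator -> first printable string containing it
    for s in printable_strings(data):
        low = s.lower()
        for ind in XMRIG_INDICATORS:
            if ind in low:
                found.setdefault(ind.decode(), s.decode("ascii"))

    result["indicators"] = sorted(found)
    result["wallets"] = [m.decode("ascii") for m in MONERO_ADDR.findall(data)]
    if "xmrig" in found or len(found) >= 2:
        result["verdict"] = "xmrig-indicators"
    elif len(found) == 1:
        result["verdict"] = "single-indicator"
    else:
        result["verdict"] = "clean"
    return result


def scan_file(path: str) -> Dict[str, object]:
    """Convenience wrapper for scanning a file on disk."""
    with open(path, "rb") as fh:
        return scan_for_xmrig(fh.read())


# Constructed sample: a minimal ELF header followed by what an embedded miner
# configuration looks like.  Pool host and wallet are placeholders, not real.
SUSPECT_SAMPLE = (
    ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9          # e_ident (64-bit, LE)
    + b"\x02\x00\x3e\x00" + b"\xde\xad\xbe\xef" * 4    # e_type/e_machine, filler
    + b"--donate-level=1\x00"
    + b"-o stratum+tcp://pool.example.invalid:3333 -u "
    + b"4" + b"A" * 94 + b" -p x --algo=rx/0\x00"
    + b"XMRig 6.x\x00randomx_init_cache\x00"
)

# Constructed sample: strings typical of an ordinary gcc-built Linux binary.
BENIGN_SAMPLE = (
    ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9
    + b"\x03\x00\x3e\x00" + b"\x00" * 16
    + b"GCC: (Debian 10.2.1-6) 10.2.1 20210110\x00"
    + b"/lib64/ld-linux-x86-64.so.2\x00libc.so.6\x00_ITM_deregisterTMCloneTable\x00"
)

if __name__ == "__main__":
    for name, buf in (("suspect", SUSPECT_SAMPLE), ("benign", BENIGN_SAMPLE)):
        r = scan_for_xmrig(buf)
        print(f"{name}: verdict={r['verdict']} indicators={r['indicators']} "
              f"wallets={len(r['wallets'])}")
```

Two caveats a practitioner should keep in mind. First, a hit proves that mining code is present, not that it is unauthorized, so the verdict should be checked against the workload’s approved software inventory before anyone is paged. Second, string matching only works on unpacked, unencrypted samples; miners that pack or strip themselves (the defense-evasion behaviour the report notes) will produce no hits, which is why TAU paired static analysis with dynamic analysis rather than relying on either alone.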
Cobalt Strike Is Attackers’ Remote Access Tool of Choice
In order to gain control of and persist within an environment, attackers install an implant on a compromised system that gives them remote control of the machine. Malware, webshells, and Remote Access Tools (RATs) can all serve as implants on a compromised system. One of the primary implants used by attackers is Cobalt Strike, a commercial penetration testing and red team tool, together with Vermilion Strike, a recently discovered Linux-capable re-implementation of its Beacon agent. Cobalt Strike is already a ubiquitous threat on Windows, and its expansion to Linux shows how much threat actors prefer readily available tools that cover as many platforms as possible.
VMware TAU discovered more than 14,000 active Cobalt Strike Team Servers on the Internet between February 2020 and November 2021. Of the Cobalt Strike customer IDs observed, 56 percent were cracked or leaked copies, meaning that more than half of Cobalt Strike users may be cybercriminals, or are at least using Cobalt Strike illicitly. That RATs like Cobalt Strike and Vermilion Strike have become commodity tools for cybercriminals poses a significant threat to enterprises.
“Since we conducted our analysis, even more ransomware families were observed gravitating to malware targeting Linux-based systems, with the potential for additional attacks that could leverage the Log4j vulnerabilities,” said Brian Baskin, manager of threat research at VMware. “The findings in this report can be used to better understand the nature of this malware and mitigate the growing threat that ransomware, cryptomining, and RATs have on multi-cloud environments. As attacks targeting the cloud continue to evolve, organizations should adopt a Zero Trust approach to embed security throughout their infrastructure and systematically address the threat vectors that make up their attack surface.”
The VMware Threat Analysis Unit (TAU) helps protect customers from cyberattacks through innovation and world-class research. TAU is composed of malware analysts, reverse engineers, threat hunters, data scientists, and intelligence analysts at VMware. To understand how to detect and prevent attacks that bypass traditional, file-centric, prevention strategies, TAU focuses on techniques that were once the domain of advanced hackers and are now moving downstream into the commodity attack market. The team leverages real-time big data, event streaming processing, static, dynamic and behavioral analytics, and machine learning.
TAU applied a combination of static and dynamic techniques to characterize the families of malware observed on Linux-based systems, working from a curated dataset of metadata associated with Linux binaries. All the samples in this dataset are public and can therefore be accessed through VirusTotal or the websites of the major Linux distributions. TAU collected more than 11,000 benign samples from several Linux distributions (Ubuntu, Debian, Mint, Fedora, CentOS, and Kali), then collected samples for two classes of threats, ransomware and cryptominers, and finally collected a set of malicious ELF binaries from VirusTotal to serve as a test dataset. Collection began in June 2021 and concluded in November 2021.
VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control. As a trusted foundation to accelerate innovation, VMware software gives businesses the flexibility and choice they need to build the future. Headquartered in Palo Alto, California, VMware is committed to building a better future through the company’s 2030 Agenda.
VMware Inc. | April 28, 2022
VMware Inc. (NYSE: VMW) today announced that the Defense Information Systems Agency (DISA) has added the Security Technical Implementation Guide (STIG) for VMware NSX® to the Department of Defense (DoD) Cyber Exchange.
The updated DISA STIG outlines the installation requirements, security policies and controls for deploying VMware NSX within the Department of Defense and other federal agencies. The STIG will also help provide a vetted, more secure baseline for non-DoD entities to measure their security posture.
“Across the public sector, agencies are navigating accelerated innovation alongside the journey to Zero Trust security. As the threat landscape evolves, the release of DISA's STIG for VMware NSX will empower agencies to leverage VMware's advanced network virtualization and security platform to better protect and manage their multi-cloud environments. With VMware NSX, we are helping customers modernize their cloud networks to deliver apps faster while also protecting against today’s threats.”
Jennifer Chronis, vice president, public sector, VMware.
The STIG requirements confirm that a VMware NSX implementation is consistent with DoD cybersecurity policies, standards, architectures, security controls, and validation procedures, applying the relevant NIST SP 800-53 controls to the systems and architectures involved. The DISA STIG for VMware NSX provides guidance on configuring the components of an NSX environment, including the NSX Manager, Gateway Router, Distributed Firewall, and Gateway Firewall.
The latest version of NSX joins VMware vSphere and VMware vSAN for which DISA has previously released STIGs. To view the official STIG, visit the DoD Cyber Exchange Public website and view the STIG release memo for VMware NSX.
Multi-Cloud for Mission Success
Earlier this month, VMware announced the findings of a study on how government agencies are scaling the use of multi-cloud environments. The study, titled “Multi-cloud Is The New Frontier Of Government IT," conducted by Forrester Consulting, found that while the move to multi-cloud is a priority, agencies face challenges in supporting growing cloud environments, including compliance standards, data security and upskilling employees.
SlashData | September 19, 2020
For immediate release
London, United Kingdom
Media contact at SlashData Ltd.
Viktorija Ignataviciute firstname.lastname@example.org
Best practices for engaging Open Source and DevOps developers; developer trends; tracking the Covid effect on the industry
While industries, businesses and individuals are being challenged significantly, the Future Developer Summit is determined to turn this into an enhanced learning opportunity, open to all Developer Relations, Marketing and Advocacy community members.
Traditionally hosted in the Bay Area, CA, the 5th Future Developer Summit invites its guests to join the event remotely on 29-30 Sep & 6-7 Oct, ensuring the safety of all stakeholders. For the first time this year, the Summit offers 2 tracks: Open Source and DevOps.
Thought leaders at the Future Developer Summit
Industry leaders are coming together to discuss the future of developer marketing and developer relations. Director and VP level representatives from CNCF, Google, Microsoft, Comcast, HashiCorp, Intel, Salesforce, Facebook, MongoDB, Futurewei, Eclipse Foundation, Indeed.com, Expedia, Nutanix, and more.
Jono Bacon - author of “People Powered” and Mary Thengvall - Director of Developer Relations at Camunda are joining as the event’s co-hosts. Follow new announcements at futuredeveloper.io/
• Mike Milinkovich, Executive Director at Eclipse Foundation
• Nithya Ruff, Executive Director, OSPO at Comcast
• Stormy Peters, Director of Open Source Programs Office at Microsoft
• Adam FitzGerald, VP, Developer Relations at HashiCorp
Lightning talks - hear about successes and failures from:
• Melissa Evers-Hood - VP, Intel Architecture, Graphics and Software at Intel
• Priyanka Sharma - General Manager at CNCF
• Chris Kelly - Director, Open Source and Engineering Engagement at Salesforce
• Grace Francisco - VP, Global Developer Relations & Education at MongoDB
• Anni Lai - Head of Open Source Operations and Marketing, Cloud at Futurewei
• Duane O'Brien - Head of Open Source at Indeed.com
• Tobie Langel - Principal and founder, UnlockOpen
• Satya Singh - Principal Product Manager - Platform & Marketplaces at Expedia
• Mark Lavi - DevOps and Automation Solutions Architect at Nutanix
• Tamao Nakahara - Head of Developer Experience at Weaveworks
• Amr Awadallah - VP, Developer Relations at Google
• On 29-30 Sep & 6-7 Oct. Full agenda at futuredeveloper.io/
• The highest rated industry event, with a Net Promoter Score of 94!
• Co-hosted by:
- Jono Bacon - author of “People Powered”
- Mary Thengvall - Director of Developer Relations at Camunda
• Remote friendly event for the global tech leaders community
• Summit offers 2 tracks: Open Source and DevOps
• 2 networks to join: Community and Exclusive
• Registration is free for all attendees. We do invite you to voluntarily contribute to Black Girls Code
• This year’s Summit coincides with SlashData’s 10-year anniversary of developer research. Join us to celebrate together!
▶ Reporters can redeem the Media Pass here.
▶ General Admission is available here.
*Senior audience only
Exclusive edition - announcement
The Future Developer Summit is opening its doors in 2 weeks! Don’t miss a chance to join an outstanding crew of industry thought leaders bringing the best learning experience for Developer Relations, Marketing and Advocacy community members.
Exclusive edition on 6-7 October
Your Unique Executive Networking Opportunity in a remote-first world
Two industry panels
How do industry leaders approach contribution to open source?
• Sam Ramji - Chief Strategy Officer at DataStax
• Chris DiBona - Director of Open Source at Google
• Nithya Ruff - Executive Director, OSPO at Comcast
• Stormy Peters - Director of Open Source Programs Office at Microsoft
The diversity of DevOps approaches and how customers are adopting it?
• Kelsey Hightower - Staff Developer Advocate, Google Cloud Platform at Google
• Greg Wilson - Director of Cloud Developer Relations at Google
• Nicole Forsgren - VP, Research and Strategy at GitHub
• TBA very soon!
Two fireside chats with:
• Jono Bacon - author of “People Powered”
• Kathy Kam - Head of Open Source & Developer Advocacy at Facebook
Two Master Classes
Using practical examples, and a lot of data as usual, we will be demonstrating how you can increase your DevRel ROI by taking data-backed decisions and what are the key reasons for using data in your decision making process.
Availability is limited → Secure Your Executive Seat
Datometry | March 15, 2022
Datometry, the pioneer in database virtualization and a Microsoft Global Partner, today announced the availability of the Datometry Hyper-Q platform in the Microsoft Azure Marketplace, an online store providing applications and services for use on Azure. Datometry customers can now take advantage of the productive and trusted Azure cloud platform with streamlined deployment and management.
Datometry Hyper-Q is the first virtualization platform that lets applications written for a specific database, including Teradata and Oracle, run natively on Microsoft Azure Synapse. Hyper-Q enables enterprises to re-platform to Microsoft Azure without a time-consuming, costly, and risk-laden manual database migration.
Hyper-Q emulates, in real time and on top of Microsoft Azure Synapse, all of the database functionality that existing applications rely on. With Hyper-Q, enterprises can modernize their data warehouse in under 40 weeks on average, without disrupting the business, while achieving cost savings of over 90% compared to other approaches.
"Microsoft Azure Marketplace has proven to be a tremendous accelerator for our sales cycles," says Chad Bonner, VP of Worldwide Sales, Datometry. "Customers are able to shorten their procurement times by weeks if not months. We also save time in budget allocations because customers can deploy funds from their Microsoft Azure commitment directly to Datometry."
"We're pleased to welcome the Datometry Hyper-Q database virtualization platform to the Microsoft Azure Marketplace, which gives our partners great exposure to cloud customers around the globe. Azure Marketplace offers world-class quality experiences from global trusted partners with solutions tested to work seamlessly with Azure."
Jake Zborowski, General Manager, Microsoft Azure Platform at Microsoft Corp
The Azure Marketplace is an online market for buying and selling cloud solutions certified to run on Azure. The Azure Marketplace helps connect companies seeking innovative, cloud-based solutions with partners who have developed solutions that are ready to use.
Datometry is the leader in database system virtualization. Datometry's technology frees enterprises from vendor lock-in on their on-premises database technology and accelerates any enterprise's journey to the cloud. Datometry Hyper-Q empowers enterprises to run their existing applications directly on a cloud database of their choice without the need for costly and risk-laden database migrations. Leading Fortune 500 and Global 2000 enterprises worldwide realize significant cost savings and out-innovate their competition with Datometry during this critical period of transformation to cloud-native data management.