VMware | February 09, 2022
As the most common cloud operating system, Linux is a core part of digital infrastructure and is quickly becoming an attacker’s ticket into a multi-cloud environment. Current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks that target Linux-based workloads.
VMware, Inc. released a threat report titled “Exposing Malware in Linux-based Multi-Cloud Environments.” Key findings that detail how cybercriminals are using malware to target Linux-based operating systems include:
Ransomware is evolving to target Linux host images used to spin workloads in virtualized environments;
89 percent of cryptojacking attacks use XMRig-related libraries; and
More than half of Cobalt Strike users may be cybercriminals, or at least using Cobalt Strike illicitly.
“Cybercriminals are dramatically expanding their scope and adding malware that targets Linux-based operating systems to their attack toolkit in order to maximize their impact with as little effort as possible. Rather than infecting an endpoint and then navigating to a higher value target, cybercriminals have discovered that compromising a single server can deliver the massive payoff and access they’re looking for. Attackers view both public and private clouds as high-value targets due to the access they provide to critical infrastructure services and confidential data. Unfortunately, current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks on Linux-based operating systems.”
Giovanni Vigna, senior director of threat intelligence at VMware
As malware targeting Linux-based operating systems increases in both volume and complexity amid a rapidly changing threat landscape, organizations must place a greater priority on threat detection. In this report, the VMware Threat Analysis Unit (TAU) analyzed the threats to Linux-based operating systems in multi-cloud environments: ransomware, cryptominers, and remote access tools.
Ransomware Targets the Cloud to Inflict Maximum Damage
As one of the leading breach causes for organizations, a successful ransomware attack on a cloud environment can have devastating consequences.(2) Ransomware attacks against cloud deployments are targeted, and are often combined with data exfiltration, implementing a double-extortion scheme that improves the odds of success. A new development shows that ransomware is evolving to target Linux host images used to spin workloads in virtualized environments. Attackers are now looking for the most valuable assets in cloud environments to inflict the maximum amount of damage to the target. Examples include the Defray777 ransomware family, which encrypted host images on ESXi servers, and the DarkSide ransomware family, which crippled Colonial Pipeline’s networks and caused a nationwide gasoline shortage in the U.S.
Cryptojacking Attacks Use XMRig to Mine Monero
Cybercriminals looking for an instant monetary reward often target cryptocurrencies using one of two approaches. Cybercriminals either include wallet-stealing functionality in malware or they monetize stolen CPU cycles to successfully mine cryptocurrencies in an attack called cryptojacking. Most cryptojacking attacks focus on mining the Monero currency (or XMR) and VMware TAU discovered that 89 percent of cryptominers used XMRig-related libraries. For this reason, when XMRig-specific libraries and modules in Linux binaries are identified, it is likely evidence of malicious cryptomining behavior. VMware TAU also observed that defense evasion is the most commonly used technique by cryptominers. Unfortunately, because cryptojacking attacks do not completely disrupt the operations of cloud environments like ransomware, they are much more difficult to detect.
Cobalt Strike Is Attackers’ Remote Access Tool of Choice
In order to gain control and persist within an environment, attackers look to install an implant on a compromised system that gives them partial control of the machine. Malware, webshells, and Remote Access Tools (RATs) can all be implants used by attackers in a compromised system to allow for remote access. One of the primary implants used by attackers is Cobalt Strike, a commercial penetration testing and red team tool, and its recent Linux-based variant, Vermilion Strike. Since Cobalt Strike is such a ubiquitous threat on Windows, its expansion to Linux-based operating systems demonstrates the desire of threat actors to use readily available tools that target as many platforms as possible.
VMware TAU discovered more than 14,000 active Cobalt Strike Team Servers on the Internet between February 2020 and November 2021. The total percentage of cracked and leaked Cobalt Strike customer IDs is 56 percent, meaning that more than half of Cobalt Strike users may be cybercriminals, or at least using Cobalt Strike illicitly. The fact that RATs like Cobalt Strike and Vermilion Strike have become a commodity tool for cybercriminals poses a significant threat to enterprises.
“Since we conducted our analysis, even more ransomware families were observed gravitating to malware targeting Linux-based systems, with the potential for additional attacks that could leverage the Log4j vulnerabilities,” said Brian Baskin, manager of threat research at VMware. “The findings in this report can be used to better understand the nature of this malware and mitigate the growing threat that ransomware, cryptomining, and RATs have on multi-cloud environments. As attacks targeting the cloud continue to evolve, organizations should adopt a Zero Trust approach to embed security throughout their infrastructure and systematically address the threat vectors that make up their attack surface.”
The VMware Threat Analysis Unit (TAU) helps protect customers from cyberattacks through innovation and world-class research. TAU is composed of malware analysts, reverse engineers, threat hunters, data scientists, and intelligence analysts at VMware. To understand how to detect and prevent attacks that bypass traditional, file-centric, prevention strategies, TAU focuses on techniques that were once the domain of advanced hackers and are now moving downstream into the commodity attack market. The team leverages real-time big data, event streaming processing, static, dynamic and behavioral analytics, and machine learning.
TAU applied a composition of static and dynamic techniques to characterize various families of malware observed on Linux-based systems based on a curated dataset of metadata associated with Linux binaries. All the samples in this dataset are public and therefore they can be easily accessed using VirusTotal or various websites of major Linux distributions. TAU collected more than 11,000 benign samples from several Linux distributions, namely, Ubuntu, Debian, Mint, Fedora, CentOS, and Kali. TAU then collected a dataset of samples for two classes of threats, namely ransomware and cryptominers. Finally, TAU collected a dataset of malicious ELF binaries from VirusTotal that were used as a test malicious dataset. TAU started collecting the dataset in June 2021 and concluded in November 2021.
VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control. As a trusted foundation to accelerate innovation, VMware software gives businesses the flexibility and choice they need to build the future. Headquartered in Palo Alto, California, VMware is committed to building a better future through the company’s 2030 Agenda.
University of Tennessee, Knoxville's Haslam College of Business | February 14, 2022
On a Thursday morning in fall 2021, the University of Tennessee, Knoxville seniors weren't sure what to expect from the next session of their capstone marketing course at the Haslam College of Business. As they took in the scenic view of a desert landscape surrounding them, they watched their fellow students fill the class space, where instructor Mark Collins stood at the front of a futuristic-looking auditorium.
These students weren't on a field trip; they were in their apartments and dorm rooms, attending an experimental hybrid section of Marketing Strategy (MARK 460), which Collins, distinguished lecturer of marketing at Haslam and director of the college's Office of Technology-Enhanced Education, believes to be the first class at UT to utilize virtual reality as a regular delivery modality.
Engaging Marketing Students in a New Way
VR technology has become common in fields like medicine where training involves high risk or high price tags, but Collins was inspired by marketers who had begun using the related technology of augmented reality, enabling users to view their physical surroundings through a phone or tablet and see computer-generated content such as a brand mascot overlaid on the space. With the encouragement of the college's leadership, he obtained Oculus Quest 2 headsets to interface with the VR platform Spatial, which provides high-quality audio and video and integrates easily with smartphones and Microsoft Office.
For this hybrid section of MARK 460, Collins planned for six or eight class sessions in the middle of the semester to be delivered via VR and the rest face-to-face. In the same semester, he taught another section of the course that was completely face-to-face. He says that while both sections achieved the required level of learning for the class, he believes the VR class absorbed the material at a higher level.
"Because it was so different, it made them focus and pay attention a lot more," says Collins, who makes a clear distinction between VR and other types of remote learning. "The interaction and engagement by the students in VR is night and day compared to if we only had met on Zoom. Part of it, I'm sure, is the fact that they're an avatar, so they don't feel that self-consciousness."
Bridgette Liederbach, a Haslam marketing major scheduled to graduate in May 2022, agrees.
"Having an avatar makes the classroom experience feel personal and like we are all in the room together but also makes it less intimidating. Zoom sometimes makes me uncomfortable to have my camera on and [unmute myself] because I know everyone will see my face pop up on their screen, but using Spatial makes talking in class easier."
Bridgette Liederbach, a Haslam marketing major
Potential for Teaching Across Disciplines
For future sections of the course, Collins wants to take his entire class on a virtual field trip to a store, using VR footage of retail aisles that has already been shot.
"I want to stand there with them in front of that and say, 'OK, what's happening here? Why are there 13 different types of Cheez-Its?'" he says. "Then we can go down the aisle and see how the competitors are reacting, and what they're doing that kind of matches up with what Cheez-It did."
Other Haslam faculty members have approached Collins about the feasibility of using VR in their courses, and he is enthusiastic about the possibilities, especially as more units, apps and software become available at lower price points. While he doesn't recommend teaching full courses exclusively via VR yet, he imagines financial reports in which students could reach out to pick up information and place it where it belongs, or a VR supply chain where they could identify and manipulate bottlenecks.
"Across all disciplines, there are moments where we want the students to understand something at a really deep and meaningful level, and we can use VR to make that engagement and interaction happen," he says. "I can see using it in a focused, short time span, to keep it really powerful rather than just becoming the new normal."
VMware | April 27, 2022
VMware, Inc. (NYSE: VMW), a leading innovator in enterprise software, today launched VMware Aurora, a program that aims to empower persons with disabilities with the digital skills needed in today's digital workforce. The program will provide free training with a diverse set of courses and learning materials in digital and sales skills ranging from computer security and internet safety to customer relationship management, to help persons with disabilities upskill and increase their employability in today's digital workforce.
VMware Aurora marks VMware's regional commitment to support persons with disabilities. Outside of its global initiatives, Aurora is currently catered for Singapore, with plans to expand to other countries in Asia Pacific and Japan. Working closely with various industry partners in the ecosystem such as SG Enable, Temasek Polytechnic, Singapore Association of the Visually Handicapped, Tomowork, Up 2 Speed and LinkedIn, the programme aims to equip 1,000 persons with disabilities with both business and technical skills for the future economy. The self-paced courses are delivered online via a combination of VMware curated courses and LinkedIn courses, and will provide individuals with digital and sales skills of varying capability levels from one to five. Individuals will be awarded certifications that indicate course completion after successfully completing each level and undergoing its relevant assessments.
"Our vision of building a more equitable, sustainable and secure future for our region is rooted in creating equal opportunities for everyone. To create a truly inclusive economy, it is fundamental to equip persons with disabilities with the right skills so that they too are future-ready and remain employable in IT and broader industries. We believe that technology can level the playing field for persons with disabilities and enable them to reap benefits in a digital future. The digital economy offers many opportunities and benefits and with the right skills and knowledge, we hope to empower persons with disabilities to better their lives and drive them towards greater success with their unique skillsets."
Craig Dobson, VMware's Diversity, Equity and Inclusion Lead, Asia Pacific and Japan, and Vice President of Professional Services.
According to UNESCAP, there are an estimated 472 million working-age persons with disabilities in Asia Pacific and Japan. This highlights the importance for individuals to upskill themselves with digital skills so that they have an opportunity to participate in the technology industry and bridge the talent gap. The program will be made available to those with disabilities who are citizens or permanent residents residing in Singapore aged 17 and above who have completed a secondary level of formal education or who are graduating students of a local Polytechnic or Institute of Technical Education (ITE) and have a keen interest in learning or working in the tech industry.
The launch of VMware Aurora builds on VMware's commitment to build disability inclusion into its agenda by creating a more inclusive workplace for those with disabilities and deepening its understanding of disability inclusion. Over the past two years, VMware kicked off multiple global inclusion initiatives, which include its first-ever Accessibility Week with a summit followed by an accessibility hackathon across five countries and six business units, resulting in the development of ten concepts that tackle the challenges persons with disabilities face. VMware also launched a Disability Power of Difference (POD) community to roll out a series of awareness-building learning courses.
VMware software powers the world's complex digital infrastructure. The company's cloud, app modernization, networking, security, and digital workspace offerings help customers deliver any application on any cloud across any device. Headquartered in Palo Alto, California, VMware is committed to being a force for good, from its breakthrough technology innovations to its global impact.
RiverMeadow | April 19, 2022
RiverMeadow Software Inc., a leading provider of Cloud Migration and Disaster Recovery Software and Services, announced today that it has added new capability to its market-leading Cloud Migration Platform to allow customers the option to carry out VM-based or OS-based migrations to any cloud. This makes RiverMeadow the only Multi-Cloud Migration Platform in the market to offer customers the choice of how they migrate to Public Clouds, including Microsoft Azure, Google Cloud Platform (GCP) or Amazon Web Services (AWS).
"RiverMeadow is fanatically focused on delivering the most flexible Migration Platform in the market", states Jim Jordan, President and CEO of RiverMeadow. "We offer flexibility in terms of how you deploy, flexibility in terms of which cloud you're going to, and now flexibility in terms of how you migrate – by VM or by OS. By leveraging our Migration Platform in this way, RiverMeadow is uniquely positioned to address the vast majority of diverse use cases, making cloud adoption faster and more cost-effective."
Key benefits of RiverMeadow's Multi-Cloud Migration Platform include:
Flexibility of Migration:
– Migrate by VM - ideal for Lift and Shift; minimal impact to resourcing and minimal organisation change
– Migrate by OS - ideal for OS modernization as part of the migration; rightsizing; support for nonstandard and deprecated hypervisors
Migrate to any Target - supports VMware on any public cloud and native IaaS on Azure, AWS and GCP
Cloud Mobility - Supports migration off of public cloud and onto private or on prem or migrate between any public cloud with ease
Ease of Deployment - The Platform set can be instantiated and ready for migration inside an hour
Flexibility of Deployment - SaaS or local deployment (in choice of public cloud hypervisor or on premise)
Speed of Migrations - Designed with the principles of speed and accuracy of migrations
OS Modernization - Retire legacy Operating Systems as you migrate; the only automated modernization technology endorsed by Microsoft for Windows OS upgrades
Multi-Cloud - Single Pane of Glass to handle all migration efforts to any private or public cloud
Data Only Migration - Decouples data from the OS
– Full Migration (OS + Apps + Data)
– User Profile Migration (Physical endpoint / VDI -> VDI PaaS)
Integrated Disaster Recovery – Migrate and Protect workloads
"We are committed to delivering greater value to our customers," explains Greg Dennis, Chief Technology Officer at RiverMeadow. "The added flexibility to offer both VM-based and OS-based migrations from ANY source to any public or private cloud with zero impact to the source environment shows the extent to which we are further differentiating ourselves as an industry leader in the cloud migration market."
RiverMeadow provides a broad range of fixed-price Multi-Cloud Migration and Disaster Recovery Services and Product capability to dramatically reduce the time, cost and risk of moving physical, virtual and cloud-based workloads into and between public or private clouds.