VMware | February 09, 2022
As the most common cloud operating system, Linux is a core part of digital infrastructure and is quickly becoming an attacker’s ticket into a multi-cloud environment. Current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks that target Linux-based workloads.
VMware, Inc. released a threat report titled “Exposing Malware in Linux-based Multi-Cloud Environments.” Key findings that detail how cybercriminals are using malware to target Linux-based operating systems include:
Ransomware is evolving to target Linux host images used to spin workloads in virtualized environments;
89 percent of cryptojacking attacks use XMRig-related libraries; and
More than half of Cobalt Strike users may be cybercriminals, or at least using Cobalt Strike illicitly.
“Cybercriminals are dramatically expanding their scope and adding malware that targets Linux-based operating systems to their attack toolkit in order to maximize their impact with as little effort as possible. Rather than infecting an endpoint and then navigating to a higher value target, cybercriminals have discovered that compromising a single server can deliver the massive payoff and access they’re looking for. Attackers view both public and private clouds as high-value targets due to the access they provide to critical infrastructure services and confidential data. Unfortunately, current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks on Linux-based operating systems.”
Giovanni Vigna, senior director of threat intelligence at VMware
As malware targeting Linux-based operating systems increases in both volume and complexity amid a rapidly changing threat landscape, organizations must place a greater priority on threat detection. In this report, the VMware Threat Analysis Unit (TAU) analyzed the threats to Linux-based operating systems in multi-cloud environments: ransomware, cryptominers, and remote access tools.
Ransomware Targets the Cloud to Inflict Maximum Damage
As one of the leading breach causes for organizations, a successful ransomware attack on a cloud environment can have devastating consequences.(2) Ransomware attacks against cloud deployments are targeted, and are often combined with data exfiltration, implementing a double-extortion scheme that improves the odds of success. A new development shows that ransomware is evolving to target Linux host images used to spin workloads in virtualized environments. Attackers are now looking for the most valuable assets in cloud environments to inflict the maximum amount of damage to the target. Examples include the Defray777 ransomware family, which encrypted host images on ESXi servers, and the DarkSide ransomware family, which crippled Colonial Pipeline’s networks and caused a nationwide gasoline shortage in the U.S.
Cryptojacking Attacks Use XMRig to Mine Monero
Cybercriminals looking for an instant monetary reward often target cryptocurrencies using one of two approaches. Cybercriminals either include wallet-stealing functionality in malware or they monetize stolen CPU cycles to successfully mine cryptocurrencies in an attack called cryptojacking. Most cryptojacking attacks focus on mining the Monero currency (or XMR) and VMware TAU discovered that 89 percent of cryptominers used XMRig-related libraries. For this reason, when XMRig-specific libraries and modules in Linux binaries are identified, it is likely evidence of malicious cryptomining behavior. VMware TAU also observed that defense evasion is the most commonly used technique by cryptominers. Unfortunately, because cryptojacking attacks do not completely disrupt the operations of cloud environments like ransomware, they are much more difficult to detect.
Cobalt Strike Is Attackers’ Remote Access Tool of Choice
In order to gain control and persist within an environment, attackers look to install an implant on a compromised system that gives them partial control of the machine. Malware, webshells, and Remote Access Tools (RATs) can all be implants used by attackers in a compromised system to allow for remote access. One of the primary implants used by attackers is Cobalt Strike, a commercial penetration testing and red team tool, and its recent Linux-based variant, Vermilion Strike. Since Cobalt Strike is such a ubiquitous threat on Windows, the expansion to Linux-based operating systems demonstrates the desire of threat actors to use readily available tools that target as many platforms as possible.
VMware TAU discovered more than 14,000 active Cobalt Strike Team Servers on the Internet between February 2020 and November 2021. The total percentage of cracked and leaked Cobalt Strike customer IDs is 56 percent, meaning that more than half of Cobalt Strike users may be cybercriminals, or at least using Cobalt Strike illicitly. The fact that RATs like Cobalt Strike and Vermilion Strike have become a commodity tool for cybercriminals poses a significant threat to enterprises.
“Since we conducted our analysis, even more ransomware families were observed gravitating to malware targeting Linux-based systems, with the potential for additional attacks that could leverage the Log4j vulnerabilities,” said Brian Baskin, manager of threat research at VMware. “The findings in this report can be used to better understand the nature of this malware and mitigate the growing threat that ransomware, cryptomining, and RATs have on multi-cloud environments. As attacks targeting the cloud continue to evolve, organizations should adopt a Zero Trust approach to embed security throughout their infrastructure and systematically address the threat vectors that make up their attack surface.”
The VMware Threat Analysis Unit (TAU) helps protect customers from cyberattacks through innovation and world-class research. TAU is composed of malware analysts, reverse engineers, threat hunters, data scientists, and intelligence analysts at VMware. To understand how to detect and prevent attacks that bypass traditional, file-centric, prevention strategies, TAU focuses on techniques that were once the domain of advanced hackers and are now moving downstream into the commodity attack market. The team leverages real-time big data, event streaming processing, static, dynamic and behavioral analytics, and machine learning.
TAU applied a composition of static and dynamic techniques to characterize various families of malware observed on Linux-based systems based on a curated dataset of metadata associated with Linux binaries. All the samples in this dataset are public and therefore they can be easily accessed using VirusTotal or various websites of major Linux distributions. TAU collected more than 11,000 benign samples from several Linux distributions, namely, Ubuntu, Debian, Mint, Fedora, CentOS, and Kali. TAU then collected a dataset of samples for two classes of threats, namely ransomware and cryptominers. Finally, TAU collected a dataset of malicious ELF binaries from VirusTotal that were used as a test malicious dataset. TAU started collecting the dataset in June 2021 and concluded in November 2021.
VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control. As a trusted foundation to accelerate innovation, VMware software gives businesses the flexibility and choice they need to build the future. Headquartered in Palo Alto, California, VMware is committed to building a better future through the company’s 2030 Agenda.
SlashData | September 19, 2020
For immediate release
London, United Kingdom
Media contact at SlashData Ltd.
Viktorija Ignataviciute email@example.com
Best practices engaging Open Source and DevOps developers; Developer trends; Tracking Covid effect on the industry
While industries, businesses and individuals are being challenged significantly, the Future Developer Summit is determined to turn this into an enhanced learning opportunity, open to all Developer Relations, Marketing and Advocacy community members.
Traditionally hosted in the Bay Area, CA, the 5th Future Developer Summit invites its guests to join the event remotely on 29-30 Sep & 6-7 Oct, ensuring the safety of all stakeholders. For the first time this year, the Summit offers 2 tracks: Open Source and DevOps.
Thought leaders at the Future Developer Summit
Industry leaders are coming together to discuss the future of developer marketing and developer relations. Director and VP level representatives from CNCF, Google, Microsoft, Comcast, HashiCorp, Intel, Salesforce, Facebook, MongoDB, Futurewei, Eclipse Foundation, Indeed.com, Expedia, Nutanix, and more.
Jono Bacon - author of “People Powered” and Mary Thengvall - Director of Developer Relations at Camunda are joining as the event’s co-hosts. Follow new announcements at futuredeveloper.io/
• Mike Milinkovich, Executive Director at Eclipse Foundation
• Nithya Ruff, Executive Director, OSPO at Comcast
• Stormy Peters, Director of Open Source Programs Office at Microsoft
• Adam FitzGerald, VP, Developer Relations at HashiCorp
Lightning talks - hear about successes and failures from:
• Melissa Evers-Hood - VP, Intel Architecture, Graphics and Software at Intel
• Priyanka Sharma - General Manager at CNCF
• Chris Kelly - Director, Open Source and Engineering Engagement at Salesforce
• Grace Francisco - VP, Global Developer Relations & Education at MongoDB
• Anni Lai - Head of Open Source Operations and Marketing, Cloud at Futurewei
• Duane O'Brien - Head of Open Source at Indeed.com
• Tobie Langel - Principal and founder, UnlockOpen
• Satya Singh - Principal Product Manager - Platform & Marketplaces at Expedia
• Mark Lavi - DevOps and Automation Solutions Architect at Nutanix
• Tamao Nakahara - Head of Developer Experience at Weaveworks
• Amr Awadallah - VP, Developer Relations at Google
• On 29-30 Sep & 6-7 Oct. Full agenda at futuredeveloper.io/
• The highest rated industry event with a Net Promoter Score - 94!
- Jono Bacon - author of “People Powered”
- Mary Thengvall - Director of Developer Relations at Camunda
• Remote friendly event for the global tech leaders community
• Summit offers 2 tracks: Open Source and DevOps
• 2 networks to join: Community and Exclusive
• Registration is free for all attendees. We do invite you to voluntarily contribute to Black Girls Code
• This year’s Summit coincides with SlashData’s 10-year anniversary of developer research. Join us to celebrate together!
*Senior audience only
Exclusive edition - announcement
The Future Developer Summit is opening its doors in 2 weeks! Don’t miss a chance to join an outstanding crew of industry thought leaders bringing the best learning experience for Developer Relations, Marketing and Advocacy community members.
Exclusive edition on 6-7 October
Your Unique Executive Networking Opportunity in a remote-first world
Two industry panels
How do industry leaders approach contribution to open source?
• Sam Ramji - Chief Strategy Officer at DataStax
• Chris DiBona - Director of Open Source at Google
• Nithya Ruff - Executive Director, OSPO at Comcast
• Stormy Peters - Director of Open Source Programs Office at Microsoft
The diversity of DevOps approaches and how customers are adopting it?
• Kelsey Hightower - Staff Developer Advocate, Google Cloud Platform at Google
• Greg Wilson - Director of Cloud Developer Relations at Google
• Nicole Forsgren - VP, Research and Strategy at GitHub
• TBA very soon!
Two fireside chats with:
• Jono Bacon - author of “People Powered”
• Kathy Kam - Head of Open Source & Developer Advocacy at Facebook
Two Master Classes
Using practical examples, and a lot of data as usual, we will demonstrate how you can increase your DevRel ROI by making data-backed decisions, and the key reasons for using data in your decision-making process.
KIOXIA | April 29, 2022
Next week at Dell Technologies World, KIOXIA America, Inc. will be on hand to demonstrate how its innovative solid state drives (SSDs) are accelerating customer application performance and enabling product breakthroughs. From SSDs designed with PCIe® 5.0 technology that boost power and performance to the industry’s first lineup of Enterprise and Datacenter Standard Form Factor (EDSFF) E3.S SSDs, best in class drives from KIOXIA are used in a number of Dell product lines.
KIOXIA, the inventor of NAND flash, sits at the forefront of flash storage and SSD innovation. Achievements such as the introduction of 3D flash memory, XL-FLASH™ storage class memory, and new form factors and interfaces underscore the contributions the company has made toward enabling next-gen applications – and transforming the digital world.
“A culture of innovation is the bedrock upon which a company can claim to offer breakthrough solutions – and both Dell and KIOXIA have that in their DNA,” commented Neville Ichhaporia, vice president of SSD marketing and product management, KIOXIA America, Inc. “We are proud to collaborate closely with Dell to push the limits of what’s possible in our new data-centric world.”
Dell Technologies World Breakout Session
On May 3rd at 1:30pm and May 4th at 10am, KIOXIA America and Dell will jointly conduct a session titled, “KIOXIA and Dell: Together on the Forefront of Storage Technology. 2022 – the Year of Breakthrough Storage Technologies.” This session focuses on the bevy of new technologies in the SSD realm that have already been seen this year, as well as those yet to be unveiled. Highlights include 24G SAS (SAS-4) bringing unprecedented speeds to SAS-equipped architectures, PCIe 5.0 technology doubling the performance of PCIe 4.0, and new form factors enabling higher performance and density than ever before.
Additionally, Neville Ichhaporia will be featured in an interview on Dell TV. The breakout session and interview will be available on the KIOXIA Dell Technologies World sponsor page and can also be viewed on the Dell Technologies World website at the conclusion of the show.
KIOXIA has been a Dell strategic supplier for two decades and a Diamond-level Dell Technologies World sponsor for multiple years. KIOXIA products can be found in numerous Dell solutions for laptop/mobile computing, desktop, data center, and enterprise servers/storage.
About KIOXIA America, Inc.
KIOXIA America, Inc. is the U.S.-based subsidiary of KIOXIA Corporation, a leading worldwide supplier of flash memory and solid-state drives (SSDs). From the invention of flash memory to today’s breakthrough BiCS FLASH™ 3D technology, KIOXIA continues to pioneer innovative memory, SSD and software solutions that enrich people's lives and expand society's horizons. The company's innovative 3D flash memory technology, BiCS FLASH, is shaping the future of storage in high-density applications, including advanced smartphones, PCs, SSDs, automotive, and data centers.
Dell Technologies | February 23, 2022
Dell Technologies introduces new telecommunications solutions and services to bolster the open telecom ecosystem and help communications service providers (CSPs) affordably ramp their transformation to open, cloud-native networks.
The telecommunications industry's growing open ecosystem gives CSPs more choice in their technologies and partners as they modernize to cloud-native networks. CSPs need the various technologies of this open ecosystem to work together seamlessly to offer differentiated edge services and reduce costs. Dell aims to remove complexity and speed modern network deployments with its Dell Telecom Cloud Foundation, Dell Open RAN Accelerator and new telecom solutions and lab capabilities.
"Communications service providers are changing how they build and deploy open networks, establishing the foundation on which they can develop and deliver innovative services to capture the edge opportunity. Our expanded telecom solutions portfolio brings the open ecosystem together for network operators, giving them the simplicity and reliability they need to modernize their networks and monetize new services."
Dennis Hoffman, senior vice president and general manager, Dell Technologies Telecom Systems Business
Dell Telecom Multi-Cloud Foundation speeds network modernization, business growth
The Dell Telecom Multi-Cloud Foundation is a turnkey, end-to-end, modern network infrastructure solution that helps CSPs build and deploy open, cloud-native networks faster with lower cost and complexity. The Telecom Multi-Cloud Foundation includes Dell hardware, Dell Bare Metal Orchestrator management software and the CSPs' choice of integrated telecom cloud software platforms, including Red Hat, VMware and Wind River.
Dell is adding new Dell Bare Metal Orchestrator Modules to its software, giving CSPs the ability to deploy and lifecycle manage the entire cloud foundation stack. Once implemented, CSPs will have a scalable cloud foundation spanning core, edge and RAN for their open hardware and software environment with the flexibility to design and deploy open network functions and differentiated edge services. ACG Research estimates an up to 39% OpEx savings for CSPs deploying the Telecom Multi-Cloud Foundation in their networks. ACG Research found CSPs also save time on testing and certification, manual processes, server provisioning, software upgrades and cloud stack integration and testing.
Dell and Marvell collaborate on new hardware to accelerate Open RAN
With the introduction of virtualized and Open RAN architectures, 5G networks are undergoing a transformation that brings cloud scalability to the RAN. Existing virtualized and Open RAN alternatives have previously lacked the performance of established networks, hindering the ability for CSPs to implement cloud-native 5G.
Developed in collaboration with Marvell, the Dell Open RAN Accelerator Card is a new inline 5G Layer 1 processing card for vRAN and Open RAN solutions. Designed for Dell PowerEdge and other x86-based servers, the PCIe accelerator card brings the same Marvell OCTEON Fusion technology and performance of today's leading 5G radio networks to the Open RAN ecosystem. CSPs can have better performing systems that lower cost and power consumption, allowing them to affordably scale high performing, modern radio access networks with an open architecture approach.
"Marvell is delighted to partner with Dell Technologies to enable an open, virtualized 5G RAN architecture that delivers advanced features and performance built on our proven OCTEON® Fusion platform," said Raj Singh, executive vice president, Processors Business Unit at Marvell. "The new Dell Open RAN Accelerator Card is an innovative no-compromise, cloud-native, inline, Open RAN Layer 1 acceleration solution that addresses the shortcomings of existing vRAN alternatives."
"We're pleased to see Dell Technologies and Marvell come together to innovate and create technologies that will enhance Open RAN platform capability and vendor diversity for operators," said Andy Dunkin, Open RAN RF and digital platform development manager at Vodafone. "The promise of virtualized Open RAN platforms will be enhanced with the Dell Open RAN Accelerator Card that should offer network operators like Vodafone a less costly and more efficient path to Open RAN."
Dell and ecosystem partners help speed deployment of edge and core solutions
Dell continues to grow its open partner ecosystem with new telecom solutions for edge and core.
Dell Validated Design for Services Edge 1.2 brings together edge compute resources with private wireless connectivity, enabling the ease of deployment, scalable operations and security capabilities required for large numbers of edge locations. Enterprises can place sensors and devices at the edge of mobile networks to capture and process data in near-real time, and use the data to generate insights, optimize operations and help increase productivity. The open standards-based design now supports Airspan 5G RAN for a fast deployment of enterprise private 5G networks.
Dell Validated Design for the 5G Core with Oracle and VMware gives CSPs the choice to build a robust, scalable 5G core on industry standard infrastructure, in a more secure and reliable way. The solution can help reduce the time needed to design, test and integrate network components from multiple partners.
Dell expands telecom services and lab capabilities to drive faster ecosystem innovation
Dell continues to grow its telecom services capabilities to lead partner integration and accelerate CSPs' deployment and adoption of telecom solutions. CSPs can quickly operationalize network infrastructure with Dell ProDeploy for NFVI. The service combines Dell factory integration and field deployment options to flexibly build the optimal NFV infrastructure specific to each customer's network. The service integrates compute, networking and telecom cloud software platforms, helping CSPs deploy workloads faster and at scale, saving them time and cost. Dell's proven processes enable 68% faster infrastructure deployment time with ProDeploy.
The Dell Open Telecom Ecosystem Lab Solution Integration Platform helps CSPs and partners securely connect their lab resources to the Dell lab and infrastructure to develop and bring 5G and telecom edge services to market more quickly. With the labs interconnected to create a mini, open ecosystem, the Solution Integration Platform uses the latest DevOps techniques to conduct tests faster than manual testing, so services can be brought to market more quickly, with less risk and cost. CSPs and partners can use the new platform to conduct integrated testing and ongoing lifecycle management of Open RAN, 5G and edge services and applications.
About Dell Technologies
Dell Technologies helps organizations and individuals build their digital future and transform how they work, live and play. The company provides customers with the industry's broadest and most innovative technology and services portfolio for the data era.