November 6, 2023 at 06:02PM
Researchers are warning about an exploit for the “Looney Tunables” vulnerability that is being used by the Kinsing cybercrime group to gain root privileges on Linux systems. This represents a change in tactics for the group, as they typically focus on automated attacks for cryptojacking. The exploit allows the attackers to steal credentials and secrets from cloud servers. Cloud security teams and administrators are urged to take immediate action to patch vulnerabilities, secure credentials, monitor configurations, and enhance detection capabilities to prevent potential breaches.
Key takeaways:
– The Kinsing cybercrime group is exploiting the “Looney Tunables” security vulnerability on millions of Linux systems.
– This marks the first documented instance of such an exploit.
– Cloud security teams and administrators should take immediate action to address this vulnerability.
– Kinsing attackers use a reverse shell to exploit the vulnerability and carry out credential and secrets theft.
– Data that can be stolen includes Temporary Security Credentials, IAM Role Credentials, and Instance Identity Tokens.
– This strategic shift in Kinsing’s approach indicates they may plan more varied and intense activities in the future.
– Kinsing is known for targeting containers and cloud-native environments, usually through automated attacks for cryptojacking.
– Kinsing’s manual testing of the Looney Tunables vulnerability shows the group’s intent to broaden the scope of its automated attacks, specifically targeting cloud-native environments.