The Threat Stack Security Operations Center has observed numerous malicious actors leveraging the unique characteristics of public cloud environments to launch or hide their breaches. These SOC findings detail those specific attacks and give you steps to prevent similar incidents from happening in your environments.
Over the past two years, the Threat Stack Security Team has observed strong evidence of malicious actors leveraging the unique characteristics of public cloud environments to launch or hide their breaches. The following page shows an example of a common attack pattern observed by the Threat Stack Cloud Security Platform®.
Threat Stack’s Security Operations Center (SOC) recently discovered an ongoing and evolving cryptojacking campaign that leverages a new variant of the Shellbot malware, originally discovered by JASK in November 2018 and published in February 2019. In this new variant of the Shellbot campaign, Threat Stack has identified the addition of a new SSH brute-force tool, a secondary command-and-control method, and the added ability to stop other cryptominers on infected servers.