A new strain of malware has been identified that can uninstall cloud security products from the Linux servers it compromises.
In a report released on Thursday, researchers from Palo Alto Networks' Unit 42 said that the malware samples they obtained, attributed to a hacking group known as "Rocke," are able to remove security products from compromised Linux cloud servers.
The researchers found that the Rocke group's goal is cryptocurrency mining, and that it has worked out how to disable the cloud protections that would otherwise detect its miner.
The finding is a particular concern because more and more people and organizations are moving their data and workloads to the cloud, and this research shows how the protections they rely on there can be switched off.
The malware first gains full administrative control of the compromised server; the researchers determined that it then uses the security products' own administrative uninstall routines to remove them, in the same way a legitimate administrator would. The code follows the vendors' instructions for uninstalling the products, which are publicly available online.
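To make the described technique concrete as something defenders can watch for, here is an added detection example; it is not code from the Unit 42 report or from either vendor. It parses auditd EXECVE records and flags executions that invoke an agent's uninstall routine, stop or disable its service, or kill its daemon, including commands hidden inside a `sh -c "..."` string. The agent names, file paths, service and process names, and the sample audit lines are all constructed placeholders: an operator would fill the inventory in from the vendors' own uninstall documentation, the same publicly available material the malware is described as following.

```python
"""Flag process executions that uninstall, stop or kill host security agents.

Added example, not taken from the Unit 42 report. Every agent name, path,
service name and process name below is a hypothetical placeholder.
"""
import re
import shlex
from os.path import basename

# Hypothetical agent inventory (assumption): fill in from vendor uninstall docs.
AGENTS = {
    "hips-agent": {
        "uninstall_paths": {"/usr/local/hips-agent/uninstall.sh"},
        "services": {"hips-agent", "hips-agent.service"},
        "processes": {"hipsd"},
    },
    "tds-agent": {
        "uninstall_paths": {"/opt/tds-agent/bin/uninstall"},
        "services": {"tds-agent", "tds-agent.service"},
        "processes": {"tdsd"},
    },
}

SERVICE_TOOLS = {"systemctl", "service", "chkconfig"}
STOP_ACTIONS = {"stop", "disable", "mask", "off"}
KILL_TOOLS = {"pkill", "killall"}
SHELLS = {"sh", "bash", "dash"}
OPERATORS = {"&&", "||", ";", "|"}

_EXECVE = re.compile(r"^type=EXECVE msg=audit\((?P<ts>[\d.]+):(?P<id>\d+)\):(?P<rest>.*)$")
# auditd quotes plain arguments (a0="ls") and hex-encodes ones with spaces or
# special characters (a2=6C73202D6C), so accept both forms.
_ARG = re.compile(r'\ba\d+=(?:"([^"]*)"|([0-9A-Fa-f]+))')


def parse_execve(line):
    """Return (event_id, argv) for an auditd EXECVE record, or None for other records."""
    m = _EXECVE.match(line.strip())
    if not m:
        return None
    argv = []
    for arg in _ARG.finditer(m.group("rest")):
        if arg.group(2) is not None:
            argv.append(bytes.fromhex(arg.group(2)).decode("utf-8", "replace"))
        else:
            argv.append(arg.group(1))
    return int(m.group("id")), argv


def commands_in(argv):
    """Yield each simple command in argv, splitting a `sh -c "a && b"` string into a, b."""
    if len(argv) >= 3 and basename(argv[0]) in SHELLS and argv[1] == "-c":
        try:
            tokens = shlex.split(argv[2])
        except ValueError:  # unbalanced quotes: fall back to whitespace split
            tokens = argv[2].split()
        cmd = []
        for tok in tokens:  # operators are only recognised as separate tokens
            if tok in OPERATORS:
                if cmd:
                    yield cmd
                cmd = []
            else:
                cmd.append(tok)
        if cmd:
            yield cmd
    else:
        yield argv


def classify(cmd):
    """Return (agent, category) if this simple command tampers with an agent, else None."""
    if not cmd:
        return None
    tool = basename(cmd[0])
    for agent, spec in AGENTS.items():
        # 1. The vendor's own uninstall routine, run directly or via an interpreter.
        if any(tok in spec["uninstall_paths"] for tok in cmd):
            return agent, "uninstall"
        # 2. Stopping, disabling or masking the agent's service unit.
        if tool in SERVICE_TOOLS and any(t in STOP_ACTIONS for t in cmd[1:]) \
                and any(t in spec["services"] for t in cmd[1:]):
            return agent, "service-stop"
        # 3. Killing the agent daemon by name.
        if tool in KILL_TOOLS and any(t in spec["processes"] for t in cmd[1:]):
            return agent, "kill"
    return None


def scan(lines):
    """Return (event_id, agent, category, argv) for every tampering execution found."""
    findings = []
    for line in lines:
        parsed = parse_execve(line)
        if parsed is None:
            continue
        event_id, argv = parsed
        for cmd in commands_in(argv):
            hit = classify(cmd)
            if hit:
                findings.append((event_id, hit[0], hit[1], argv))
    return findings


# Constructed sample audit records (not real logs). The chained command is
# hex-encoded the way auditd would emit an argument containing spaces.
_CHAIN = "systemctl stop tds-agent && /opt/tds-agent/bin/uninstall"
SAMPLE_AUDIT_LOG = [
    'type=EXECVE msg=audit(1547680001.100:101): argc=3 a0="systemctl" a1="status" a2="hips-agent"',
    'type=EXECVE msg=audit(1547680002.100:102): argc=3 a0="systemctl" a1="restart" a2="nginx"',
    'type=EXECVE msg=audit(1547680003.100:103): argc=2 a0="/bin/sh" a1="/usr/local/hips-agent/uninstall.sh"',
    'type=EXECVE msg=audit(1547680004.100:104): argc=3 a0="pkill" a1="-9" a2="tdsd"',
    'type=EXECVE msg=audit(1547680005.100:105): argc=3 a0="/bin/bash" a1="-c" a2=' + _CHAIN.encode().hex().upper(),
    'type=SYSCALL msg=audit(1547680005.100:105): arch=c000003e syscall=59 success=yes exit=0',
]

if __name__ == "__main__":
    for event_id, agent, category, argv in scan(SAMPLE_AUDIT_LOG):
        print(f"event {event_id}: {category} of {agent}: {' '.join(argv)}")
```

The status and restart records produce no alert, while the interpreter-invoked uninstall script, the `pkill` of the daemon, and both halves of the chained `bash -c` command are each reported. Two caveats a practitioner should keep in mind: the check runs on the execution record, so it detects the removal rather than preventing it, and an attacker with root can also stop auditd itself, which is why such events should be shipped off-host as they occur and why a missing agent heartbeat should be treated as an alert in its own right.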
The affected products were developed by two Chinese cloud computing providers that are expanding internationally: Tencent Cloud and Alibaba Cloud. The researchers have been working with both companies to learn more about the issues.
The researchers wrote that the malware's creators are pursuing new evasion techniques because they have realized that existing cloud security products are capable of detecting their intrusions.
The federal government is at the forefront of the shift to more extensive use of the cloud; last year it unveiled a new strategy aimed at getting more agencies to take advantage of cloud services.