Over the weekend we’ve seen a crypto-mining worm spread that steals AWS credentials. It’s the first worm we’ve seen that contains such AWS specific functionality. The worm also steals local credentials, and scans the internet for misconfigured Docker platforms. We have seen the attackers, who call themselves “TeamTNT”, compromise a number of Docker and Kubernetes..
Read moreToday many have received an email titled “Your Site Has Been Hacked” claiming that your site had been hacked. This is a scam that’s pretty common at the moment – the scammers are blasting out the same template e-mail to millions of site owners. It doesn’t look like a particularly successful scam either – we’ve..
Read moreBelow we have analyzed an on-going campaign to steal AWS accounts through phishing. We’ve identified linked attacks, and outlined what attackers are doing with the stolen accounts. Lastly, we provide some recommendations on how to secure your AWS accounts against these kinds of attacks. The attack we investigated started with an e-mail sent from a..
Read more