As the Kinsing malware has shown, threat actors can capitalize on cloud misconfigurations and API vulnerabilities faster than ever

According to one firm that has been studying the malware for years, on average, honeypots targeting Kinsing attracted eight attacks per day, with figures ranging from three to 50 attacks within a 24-hour period. Other known characteristics include:

  • The ability to swiftly integrate botnet exploits of newly discovered vulnerabilities in popular cloud native applications
  • A global impact that potentially involves millions of daily attacks
  • A diverse range of tactics that threat actors use to tailor campaigns and maximize the impact of each attack. For example, Kinsing’s feature set can be adapted to the command interpreter, being more basic on systems running the Bourne shell (`sh`) and more advanced in environments running the Bourne-again shell (`bash`)
  • Armed with anonymity, Kinsing exploits vulnerabilities or misconfigurations in applications; executes infection scripts; deploys cryptominers, often concealed by rootkits; and maintains control over servers