Intel 471 researchers have identified a new malicious document builder, dubbed “EtterSilent,” leveraged by various threat actor groups. One of the build options is a weaponized Microsoft Office document (maldoc) that uses malicious macros to download and execute an externally hosted payload. The maldocs pose as templates for DocuSign, a cloud-based electronic signature service.
By the end of 2020, Microsoft 365 was used by more than one million companies worldwide. And for good reason. With the move to remote work, applications like Word and Excel, Teams, OneDrive and SharePoint, provided businesses with a familiar, easy to access, and easy to use productivity suite – all available in the cloud.
Detecting malicious processes is already complicated in cloud-native environments, as without the proper tools they are black boxes. It becomes even more complicated if those malicious processes are hidden. A malware using open source tools to evade detection has been reported. The open source project used by the malware is libprocesshider, a tool created by Sysdig’s former chief architect Gianluca.
The choice for persistent storage for your cloud native applications depends on many factors including how your cloud journey started and whether your applications were migrated or developed for the cloud. Also, depending on how early you started using containers and migrated to Kubernetes, your distribution or managed service may not have offered the persistent data services you needed.
Over the past several years, an increasing amount of organizations have been moving their applications from on-premises to cloud-hosted platforms. And with the current pandemic forcing most businesses to adopt a fully remote work environment, the cloud is even more appealing. Gartner reported that cloud spend rose by double digits in 2020, and it’s expected to continue to grow by 18.4 percent in 2021.
Cloud native has been a growing trend as organizations shift away from on-premise infrastructure and longer software release cycles towards a more iterative development approach using cloud-based tooling and infrastructure. While cloud native applications enable rapid deployments and greater scalability, this emerging software approach also introduces security challenges.
As of late, cyber threats have only grown in velocity and volume, with cybercriminals taking advantage of every new capability to grow and prosper. Couple that with a global pandemic and a sudden increase in remote working in the cloud, and you open the door to countless new vulnerabilities.
We now live in an era where the security of all layers of the software stack is immensely important, and simply open-sourcing a code base is not enough to ensure that security vulnerabilities surface and are addressed. At Teleport, we see it as a necessity to engage a third party that specializes in acting as an adversary, and provide an independent analysis of our sources.
