Microsoft Azure Releases a Preview for Detecting Fileless Attacks on Linux
Fileless attacks let attackers exploit software vulnerabilities, deliver malicious payloads, and hide in memory. Because little or nothing is written to disk, traces of the malware on disk are minimized or eliminated, and disk-based malware scanning is less likely to catch it. Microsoft Azure has released a preview for detecting fileless attacks on Linux. Azure Security Center identifies payloads in memory and informs users of each payload’s capabilities; it scans the memory of all processes for evidence of fileless toolkits, techniques, and behaviors.
The preview for detecting fileless attacks on Linux looks for the following behaviors and user-mode malware:
- Well known toolkits and crypto mining software.
- Shellcode, injected ELF executables, and malicious code in executable regions of process memory.
- LD_PRELOAD based rootkits to preload malicious libraries.
- Elevation of privilege of a process from non-root to root.
- Remote control of another process using ptrace.
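Most of the indicators in that list are visible on a Linux host from /proc alone. What follows is an added example, not code from the original post or from Security Center: it parses constructed samples of one process's maps, status and environ files for anonymous writable-and-executable regions, an attached ptrace tracer, an effective-root uid paired with a non-root real uid (a flag for review, since legitimate setuid programs look the same), and an LD_PRELOAD entry. Toolkit and crypto-miner signatures are not covered here.

```python
# Constructed samples of one process's /proc/<pid>/{maps,status,environ}.
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/sleep
7f3a1c000000-7f3a1c021000 rwxp 00000000 00:00 0
7fff5e000000-7fff5e021000 rw-p 00000000 00:00 0 [stack]
"""
SAMPLE_STATUS = "Name:\tsleep\nUid:\t1000\t0\t0\t0\nTracerPid:\t4242\n"
SAMPLE_ENVIRON = "PATH=/usr/bin\0LD_PRELOAD=/tmp/libhide.so\0"

def anon_exec_regions(maps_text):
    """Anonymous (no backing file) mappings that are writable and executable."""
    hits = []
    for line in maps_text.splitlines():
        fields = line.split(None, 5)      # addr perms offset dev inode [path]
        if len(fields) == 5 and "w" in fields[1] and "x" in fields[1]:
            hits.append(fields[0])
    return hits

def tracer_pid(status_text):
    """Pid attached with ptrace (TracerPid line); 0 when nobody is tracing."""
    for line in status_text.splitlines():
        if line.startswith("TracerPid:"):
            return int(line.split()[1])
    return 0

def root_from_non_root(status_text):
    """True when the real uid is non-root but the effective uid is root."""
    for line in status_text.splitlines():
        if line.startswith("Uid:"):           # real effective saved fs
            real, effective = line.split()[1:3]
            return real != "0" and effective == "0"
    return False

def ld_preload(environ_text):
    """LD_PRELOAD value from the NUL-separated environ, or None."""
    for entry in environ_text.split("\0"):
        if entry.startswith("LD_PRELOAD="):
            return entry.split("=", 1)[1]
    return None

def assess(maps_text, status_text, environ_text):
    """Collect the indicators present in one process's /proc data."""
    findings = [f"anonymous rwx region {a}" for a in anon_exec_regions(maps_text)]
    if tracer_pid(status_text):
        findings.append(f"ptrace attached by pid {tracer_pid(status_text)}")
    if root_from_non_root(status_text):
        findings.append("effective root with non-root real uid")
    if ld_preload(environ_text):
        findings.append(f"LD_PRELOAD={ld_preload(environ_text)}")
    return findings
```

On a live host the same functions take the contents of /proc/<pid>/maps, /proc/<pid>/status and /proc/<pid>/environ for each pid, read as root.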
When this new feature detects one of these behaviors, users receive an alert on the Security alerts page. The alert gives analysts a clearer picture of the malware, provides more detail on the attack, and allows them to make more informed decisions when choosing remediation steps.
Lucrodyne is a proud partner of Microsoft for Azure. Please contact our certified specialists today to discuss your cloud journey.
Read this article to learn more about Microsoft Azure’s preview for detecting fileless attacks on Linux.