Attackers Infiltrates AWS Lambda Services With Denonia Malware

Share post:

Attackers were able to exploit and infiltrate AWS Lambda services using Denonia malware.

AWS Lambda is a server-less computing service provided by Amazon Web Services that allows code execution without server deployment or management.

While the process of compromise remains unknown, information about Denonia state that the malware uses the DNS protocol to encrypt DNS requests as HTTPS traffic.

This allows the malware to bypass detection and communicate in environments where DNS queries are blocked or unauthorized.

Once running, Denonia launches XMRig, a software to extract the cryptocurrency Monero. The malware then communicates with the IP address obtained from the DNS query on port 3333, a Monero mine pool.

While the investigation of the malware is still ongoing, there are now security tips for organizations. AWS customers need to keep AWS account information secure and not share it. Organizations are also recommended to activate multifactor authentication for each account.

Organizations should only use SSL/TLS (1.2 or later) protocols to communicate with AWS resources and API, and user activity should be enabled with AWS CloudTrail.

Businesses must ensure that all hardware used to access AWS Lambda is always up to date. In addition, the operating system should be patched to reduce the risk of infection by malware while working with AWS.

The sources for this piece include an article in TechRepublic.


Related articles

Target’s new AI is aimed at employees

Target is introducing a new generative artificial intelligence tool aimed at enhancing the efficiency of its store employees...

The good and the bad of AI generated code

Generative AI tools are transforming the coding landscape, making both skilled and novice developers more efficient. However, the...

Global data breach crisis: Are Santander and Ticketmaster victims of massive cyberattacks linked to Snowflake compromise?

Santander Bank and Ticketmaster have fallen prey to extensive data breaches orchestrated by the notorious hacker group, ShinyHunters....

Starlink’s evolution making it less “TCP/IP friendly”

The rapid evolution of Starlink's satellite internet presents significant challenges for traditional Transmission Control Protocol (TCP), according to...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways