Meet the Research behind our Threat Research Team
Blog post from Sysdig
The Sysdig Threat Research Team (TRT) focuses on identifying and mitigating cloud-native security threats. Its research has uncovered operations such as SSH-Snake, RUBYCARP, SCARLETEEL, AMBERSQUID, and LABRAT, which employ tactics ranging from cryptojacking to abusing AWS services and Kubernetes workloads.

SSH-Snake is a self-modifying worm that harvests SSH credentials on each host it lands on and uses them to spread across the network. RUBYCARP is a Romanian botnet that has been active for roughly a decade and relies on public exploits for financial gain through cryptomining and phishing. SCARLETEEL targets cloud environments and leveraged AWS Fargate to bypass security controls, whereas AMBERSQUID abuses less commonly monitored AWS services for cryptojacking, at a potential cost to victims of more than $10,000 per day. The LABRAT operation stands out for its stealth, using compiled binaries that evaded detection to carry out proxyjacking and cryptomining.

Sysdig TRT also covers vulnerabilities such as CVE-2024-3094 (the XZ Utils backdoor) and critical Kubernetes and Docker vulnerabilities, publishing updated rules for runtime threat detection. The team's presence at the RSA Conference 2024 is aimed at sharing insights on these challenges.
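The SSH-Snake behaviour described above (harvest SSH credentials, then fan out over ssh) is the kind of pattern a runtime detection rule keys on. The following is an added illustration, not Sysdig's own rules or any code from the SSH-Snake project: a small Python detector that correlates, per process, reads of credential files with the set of distinct ssh targets that process spawns. The event format (one JSON object per line with `ts`, `host`, `pid`, `proc`, `event`, and `path` or `cmdline`), the thresholds, and the sample events are all constructed for the example.

```python
"""Heuristic detector for SSH-Snake-style lateral movement (added example).

Assumed input: one JSON event per line, e.g.
  {"ts": "...", "host": "web-01", "pid": 4242, "proc": "bash",
   "event": "open", "path": "/root/.ssh/id_rsa"}
  {"ts": "...", "host": "web-01", "pid": 4242, "proc": "bash",
   "event": "exec", "cmdline": "ssh -i /root/.ssh/id_rsa root@10.0.0.5"}
A process that reads several credential sources AND then connects to several
distinct hosts over ssh is far more suspicious than either signal alone.
"""
import json
import os
import re
import shlex
from collections import defaultdict

# Files a credential-harvesting worm typically reads (assumed list).
CRED_PATTERNS = (
    re.compile(r"/\.ssh/(id_[A-Za-z0-9]+|authorized_keys|known_hosts|config)$"),
    re.compile(r"/\.bash_history$"),
)
# ssh options that take a separate argument (so we skip the value too).
OPTS_WITH_ARG = {"-i", "-o", "-p", "-l", "-J", "-F", "-b", "-c", "-e"}


def is_credential_source(path):
    """True if the opened path looks like SSH credential material."""
    return any(p.search(path) for p in CRED_PATTERNS)


def parse_ssh_target(cmdline):
    """Return the destination host of an ssh command line, or None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        return None
    if not argv or os.path.basename(argv[0]) != "ssh":
        return None
    i = 1
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("-"):
            i += 2 if tok in OPTS_WITH_ARG else 1  # "-oKey=val" is one token
            continue
        return tok.rsplit("@", 1)[-1]  # strip user@ prefix if present
    return None


def detect_ssh_snake(lines, min_cred_reads=2, min_targets=3):
    """Correlate credential reads with ssh fan-out per (host, pid)."""
    state = defaultdict(lambda: {"creds": set(), "targets": set(),
                                 "proc": None, "first": None, "last": None})
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = json.loads(raw)
        s = state[(ev["host"], ev["pid"])]
        s["proc"] = ev["proc"]
        s["first"] = s["first"] or ev["ts"]
        s["last"] = ev["ts"]
        if ev["event"] == "open" and is_credential_source(ev["path"]):
            s["creds"].add(ev["path"])
        elif ev["event"] == "exec":
            target = parse_ssh_target(ev["cmdline"])
            if target:
                s["targets"].add(target)
    alerts = []
    for (host, pid), s in state.items():
        if len(s["creds"]) >= min_cred_reads and len(s["targets"]) >= min_targets:
            alerts.append({"host": host, "pid": pid, "proc": s["proc"],
                           "credential_files": sorted(s["creds"]),
                           "ssh_targets": sorted(s["targets"]),
                           "window": (s["first"], s["last"])})
    return alerts


# Constructed sample events: one worm-like process and two benign ones.
SAMPLE_EVENTS = [
    '{"ts":"2024-03-01T10:00:01Z","host":"web-01","pid":4242,"proc":"bash","event":"open","path":"/root/.ssh/id_rsa"}',
    '{"ts":"2024-03-01T10:00:01Z","host":"web-01","pid":4242,"proc":"bash","event":"open","path":"/root/.ssh/known_hosts"}',
    '{"ts":"2024-03-01T10:00:02Z","host":"web-01","pid":4242,"proc":"bash","event":"open","path":"/root/.bash_history"}',
    '{"ts":"2024-03-01T10:00:02Z","host":"web-01","pid":4242,"proc":"bash","event":"open","path":"/home/deploy/.ssh/id_ed25519"}',
    '{"ts":"2024-03-01T10:00:03Z","host":"web-01","pid":4242,"proc":"bash","event":"exec","cmdline":"ssh -i /root/.ssh/id_rsa -o StrictHostKeyChecking=no -o BatchMode=yes root@10.0.0.5 \'bash -s\'"}',
    '{"ts":"2024-03-01T10:00:04Z","host":"web-01","pid":4242,"proc":"bash","event":"exec","cmdline":"ssh -i /home/deploy/.ssh/id_ed25519 -oStrictHostKeyChecking=no deploy@db-02 \'bash -s\'"}',
    '{"ts":"2024-03-01T10:00:05Z","host":"web-01","pid":4242,"proc":"bash","event":"exec","cmdline":"ssh -p 2222 -i /root/.ssh/id_rsa 10.0.0.7"}',
    '{"ts":"2024-03-01T10:00:06Z","host":"web-01","pid":4242,"proc":"bash","event":"exec","cmdline":"ssh root@10.0.0.6"}',
    # Admin reading one key and opening one session: below both thresholds.
    '{"ts":"2024-03-01T10:05:00Z","host":"web-01","pid":1001,"proc":"bash","event":"open","path":"/home/alice/.ssh/id_rsa"}',
    '{"ts":"2024-03-01T10:05:01Z","host":"web-01","pid":1001,"proc":"bash","event":"exec","cmdline":"ssh alice@bastion"}',
    # Backup job: touches known_hosts but never execs ssh itself.
    '{"ts":"2024-03-01T10:10:00Z","host":"backup-01","pid":77,"proc":"rsync","event":"open","path":"/root/.ssh/known_hosts"}',
    '{"ts":"2024-03-01T10:10:01Z","host":"backup-01","pid":77,"proc":"rsync","event":"exec","cmdline":"rsync -e ssh /data backup@nas:/vol"}',
]

if __name__ == "__main__":
    for alert in detect_ssh_snake(SAMPLE_EVENTS):
        print(json.dumps(alert, indent=2))
```

Requiring both signals is the point: a backup job reading `known_hosts` or an admin opening one session is routine, while a single process that reads keys from several home directories and then connects to several hosts in quick succession matches the worm's propagation loop. In a real deployment the same logic maps onto a runtime rule that joins file-open and process-exec events on the process identity.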