Sysdig Threat Research Team – Black Hat 2024
Blog post from Sysdig
Sysdig's Threat Research Team (TRT) investigates and reports on current threats and vulnerabilities in cloud-native environments. Highlights of its recent research include the discovery of "LLMjacking", in which stolen cloud credentials are used to call hosted large language model services, running up compute charges that land on the victim's bill. "SSH-Snake" is a self-propagating tool that harvests SSH private keys and known-host entries on each compromised machine and uses them to reach further systems; Sysdig observed it deployed on hosts that had been compromised through known vulnerabilities. The team also uncovered the "Rebirth Botnet", a DDoS-as-a-Service operation aimed primarily at the gaming community, and "AMBERSQUID", a cryptojacking operation that abuses lesser-used AWS services. In a further campaign, compromised cloud accounts were used to rapidly create thousands of "Meson Network" nodes.

Beyond threat research, Sysdig stresses detection: the open source Falco project and Sysdig Secure monitor runtime and cloud activity so that suspicious behaviour can be spotted and investigated across the cloud infrastructure. The team also tracks newly disclosed vulnerabilities, such as the "regreSSHion" OpenSSH flaw and backdoors planted in widely used utilities, so that organizations can respond promptly as new threats emerge.
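The LLMjacking pattern above comes down to a stolen credential suddenly calling a model service, often after the attacker checks or disables invocation logging, followed by a high volume of invocations. The following Python example, added here and not part of the Sysdig page or any Sysdig tooling, runs three such heuristics over constructed CloudTrail-shaped records for Amazon Bedrock (the event names `InvokeModel`, `InvokeModelWithResponseStream` and the `*ModelInvocationLoggingConfiguration` calls are real Bedrock API names; the burst threshold, the access key IDs and the IP addresses are assumptions made for the sample):

```python
"""Added example: flag LLMjacking-style indicators in CloudTrail-like records.

Heuristics (an illustration, not Sysdig's detection rules):
  1. A credential's first Bedrock model invocation comes from a source IP that
     never appears in that credential's non-Bedrock activity (stolen key used
     from attacker infrastructure).
  2. Any change to or deletion of Bedrock model-invocation logging (hiding the
     prompts and the resulting spend).
  3. A burst of model invocations from one credential beyond a threshold.
"""
from collections import defaultdict

BEDROCK_SOURCE = "bedrock.amazonaws.com"
INVOKE_EVENTS = {"InvokeModel", "InvokeModelWithResponseStream"}
LOGGING_TAMPER_EVENTS = {
    "PutModelInvocationLoggingConfiguration",
    "DeleteModelInvocationLoggingConfiguration",
}
BURST_THRESHOLD = 3  # invocations per credential in the analysed window (assumption)


def _event(time, source, name, key, ip):
    """Build a minimal CloudTrail-shaped record with only the fields the detector reads."""
    return {
        "eventTime": time,
        "eventSource": source,
        "eventName": name,
        "userIdentity": {"accessKeyId": key},
        "sourceIPAddress": ip,
    }


# Constructed sample (not real telemetry): key ...ALPHA is normally used from
# 10.0.0.5 for EC2 calls, then invokes Bedrock models from 203.0.113.7 and
# deletes invocation logging. Key ...BRAVO is a developer who always works
# from 10.0.0.9, including legitimate Bedrock use.
SAMPLE_EVENTS = [
    _event("2024-06-01T08:00:00Z", "ec2.amazonaws.com", "DescribeInstances",
           "AKIAEXAMPLE000000ALPHA", "10.0.0.5"),
    _event("2024-06-01T08:05:00Z", "ec2.amazonaws.com", "DescribeInstances",
           "AKIAEXAMPLE000000BRAVO", "10.0.0.9"),
    _event("2024-06-01T08:06:00Z", BEDROCK_SOURCE, "InvokeModel",
           "AKIAEXAMPLE000000BRAVO", "10.0.0.9"),
    _event("2024-06-02T02:10:00Z", BEDROCK_SOURCE, "GetModelInvocationLoggingConfiguration",
           "AKIAEXAMPLE000000ALPHA", "203.0.113.7"),
    _event("2024-06-02T02:11:00Z", BEDROCK_SOURCE, "InvokeModel",
           "AKIAEXAMPLE000000ALPHA", "203.0.113.7"),
    _event("2024-06-02T02:11:30Z", BEDROCK_SOURCE, "DeleteModelInvocationLoggingConfiguration",
           "AKIAEXAMPLE000000ALPHA", "203.0.113.7"),
    _event("2024-06-02T02:12:00Z", BEDROCK_SOURCE, "InvokeModel",
           "AKIAEXAMPLE000000ALPHA", "203.0.113.7"),
    _event("2024-06-02T02:12:30Z", BEDROCK_SOURCE, "InvokeModelWithResponseStream",
           "AKIAEXAMPLE000000ALPHA", "203.0.113.7"),
]


def find_llmjacking_indicators(events, burst_threshold=BURST_THRESHOLD):
    """Return (indicator, accessKeyId, detail) tuples in event-time order."""
    findings = []
    baseline_ips = defaultdict(set)  # accessKeyId -> IPs seen in non-Bedrock activity
    bedrock_users = set()            # keys that have already invoked a model
    invocations = defaultdict(int)   # accessKeyId -> number of model invocations
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        key = ev["userIdentity"]["accessKeyId"]
        ip = ev["sourceIPAddress"]
        name = ev["eventName"]
        if ev["eventSource"] != BEDROCK_SOURCE:
            # Only non-Bedrock activity builds the "where is this key normally used" baseline,
            # so the attacker's own reconnaissance calls cannot whitelist their IP.
            baseline_ips[key].add(ip)
            continue
        if name in LOGGING_TAMPER_EVENTS:
            findings.append(("bedrock_logging_tampering", key, name))
        if name in INVOKE_EVENTS:
            if key not in bedrock_users and ip not in baseline_ips[key]:
                findings.append(("first_model_invocation_from_new_ip", key, ip))
            bedrock_users.add(key)
            invocations[key] += 1
            if invocations[key] == burst_threshold:
                findings.append(("model_invocation_burst", key, invocations[key]))
    return findings


if __name__ == "__main__":
    for indicator, key, detail in find_llmjacking_indicators(SAMPLE_EVENTS):
        print(f"{indicator:38} {key} {detail}")
```

Against the sample, only the ALPHA key is reported: its first model invocation from an IP outside its baseline, the deletion of invocation logging, and the burst once it reaches the threshold; BRAVO's Bedrock use from a known IP is left alone. In production the same logic would read from a CloudTrail export, and the baseline would come from a longer history than the window being analysed.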