Community Blog How Cloud Firewall Quickly Perceives the Attack Threats

How Cloud Firewall Quickly Perceives the Attack Threats

This article shows how Cloud Firewall perceives the attack threats, also decodes the AI defense system behind Alibaba Cloud Web Application Firewall.

Cloud Firewall can quickly perceive the latest attack threats and link network-wide threat intelligence to provide you with optimal security protection and eliminate threats of cryptocurrency mining worms using its massive in-cloud computing power.

Cryptocurrency mining worms distribution on a large scale because of the persistence of common application vulnerabilities on the Internet, frequent 0-day vulnerabilities, and the highly efficient monetization of mining activities. Off-premises users can transparently access Cloud Firewall to protect their applications against various malicious attacks on the Internet. In addition, Cloud Firewall can be scaled as your business grows, so that you can pay more attention to business expansion without the need to devote a great deal of time to security.

Deep Dive into Cloud Firewall: Addressing Aggressive Mining Worms

Distribution of Cryptocurrency Mining Worms

The Security Team at Alibaba Cloud has discovered recent cloud-native cryptocurrency mining trojans distributed by common popular 0-day and n-day vulnerabilities.

Exploiting Common Vulnerabilities

In the past year, cryptocurrency mining worms have exploited common vulnerabilities (such as configuration errors and weak passwords) in network applications to continuously scan the Internet, launch attacks, and compromise hosts. The following table lists common vulnerabilities that have been recently exploited by active cryptocurrency mining worms:\

Common vulnerabilities Mining worm family
SSH, RDP, and Telnet cracking MyKings and RDPMiner
Writing data to Crontab in Redis to run commands DDG, Watchdogs, Kworkerd, and 8220
Using UDF to run commands in MySQL and SQL Server Bulehero, MyKings, and ProtonMiner
Using CouchDB to run commands 8220

Exploiting 0-day and N-day Vulnerabilities

Cryptocurrency mining worms also exploit 0-day and N-day vulnerabilities to compromise a large number of hosts before these vulnerabilities are fixed. The following table lists popular 0-day and N-day vulnerabilities that have been recently exploited by active cryptocurrency mining worms:

Cloud Firewall perceive attack threats

According to the 2018 In-cloud Mining Analysis Report released by the Alibaba Cloud security team, each round of popular 0-day attacks was accompanied by the outbreak of cryptocurrency mining worms. Cryptocurrency mining worms may interrupt businesses by occupying system resources. Some of them even carry ransomware (such as XBash), resulting in financial and data losses to enterprises.

For many enterprises, improving the level of security and protecting against the threat of cryptocurrency mining worms have become a top priority. This article uses an off-premises environment as an example to explain Alibaba Cloud's Cloud Firewall effectively defends against cryptocurrency mining worms through early prevention, Trojan worm detection, and quick damage control.

Related Blogs

Decoding the AI Defense System Behind Alibaba Cloud Web Application Firewall (WAF)

Web applications are vulnerable to all types of attacks and bear the brunt of injection and cross-origin attacks. Web Application Firewalls (WAFs) are designed to prevent and block attacks targeted at web applications and are continuously updated to protect them from security threats. A range of machine learning algorithms and models are continuously proposed and applied to security products such as WAF to eliminate security threats. However, most of these algorithms focus on supervised learning. They are used to build a classification model for specific attack types by tagging positive and negative sample data.

Similar to traditional security detection technologies, machine learning algorithms alone fail to eliminate the discrepancy between false negatives and false positives or strike a balance between coverage and detection performance. The security field still faces the challenges of open-loop problem spaces and asymmetric positive and negative spaces.

Alibaba Cloud WAF was recognized by Gartner, being placed as a "Niche Player" in the Gartner 2019 Magic Quadrant for Web Application Firewalls (WAF)
Alibaba Cloud Web Application Firewall
This article describes how the AI kernel of the intelligent defense system of Alibaba Cloud WAF resolves such challenges. The AI kernel of Alibaba Cloud WAF provides core machine intelligence capabilities, along with refined, personalized, and intelligent protection to minimize security threats for customers. AI-driven intelligent security systems are on the rise and bring greater benefits.

Setting Up Palo Alto Networks VM-Series Firewall on Alibaba Cloud

The VM-Series next-generation firewall allows developers and cloud security architects to embed inline threat and data loss prevention into their application development workflows. Third party templates combined with VM-Series automation features allows you to create "touchless" deployments that eliminate "change control friction", enabling developers to operate at the speed of the cloud. Automation features such as the API, Dynamic Address Groups and External Dynamic Lists allow you to utilize external data to drive application whitelisting and segmentation policy updates while preventing threats. Note that bootstrapping is not supported in this release.

Palo Alto Networks VM-Series firewall can be deployed on Alibaba Cloud servers easily, as described in this blog.

Related Products

Web Application Firewall

Web Application Firewall (WAF) protects your website servers against intrusions. Our service detects and blocks malicious traffic directed to your websites and applications. WAF secures your core business data and prevents server malfunctions caused by malicious activities and attacks.

Cloud Firewall

Alibaba Cloud Firewall centrally manages the policies that control the traffic from the Internet to your businesses. It also controls the traffic between VPC networks, the traffic on Express Connect instances, and the traffic generated by VPN-based remote access. Cloud Firewall is embedded with an Intrusion Prevention System (IPS) and can detect outbound connections from your assets. Alibaba Cloud Firewall can also visualize network traffic and access between businesses as well as can store network traffic logs generated within the last six months.

Related Documentation

What is WAF?

Web Application Firewall (WAF) is a security service that protects your website and app services. WAF identifies malicious web business traffic, scrubs and filters the business traffic, and then forwards normal traffic to your server. This prevents your web server from being intruded and ensures data and business security.

  1. Protect web applications against attacks.
  2. Mitigate HTTP flood attacks and filter out malicious bot traffic to ensure the performance of your web server.
  3. Provide solutions for business risk control to address security risks, such as abuse of business APIs.
  4. Support transmission of back-to-origin traffic over HTTPS and HTTP to reduce workloads of the origin server.
  5. Provide precise access control for HTTP and HTTPS traffic.
  6. Support real-time storage, analysis, and custom reporting of full logs over a long period of time. WAF can synchronize online logs with third-party platforms to help you meet compliance requirements for classified protection.

Use of WAF
After you purchase a WAF instance, add the domain name of your website to WAF. Then, resolve the domain name to the CNAME provided by WAF and configure the IP address of your origin server to enable WAF protection. After you enable WAF protection, all Internet traffic to your website is redirected to WAF. WAF then detects and filters malicious traffic and forwards normal traffic to the IP address of your origin server. This ensures security, stability, and availability of your origin server.

0 0 0
Share on

Alibaba Clouder

2,605 posts | 746 followers

You may also like