#WeeklyCTI – FILELESS MALWARE, "HEADCRAB" TARGETS REDIS SERVERS!!!




Weekly CTI (Cyber Threat Intel) is my new series where we analyze recent cybersecurity threats in order to increase our knowledge and skills and become more effective cybersecurity professionals.

This week, we look at “HeadCrab”, which takes its name from the game Half-Life. It is a new fileless malware threat that has taken control of over 1200 Redis servers. Thanks to the great work done by Aqua Security, we have a phenomenal technical briefing to help us understand, mitigate, and recover from HeadCrab.

You can read the AquaSec blog post here – https://blog.aquasec.com/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware

==============
Chapters
==============
00:00 Intro
01:08 What is HeadCrab Malware?
02:25 Weekly CTI’s Mission
03:52 The Target: Redis Servers
05:03 Attack Vector: “SLAVEOF”
06:54 Execution: Malicious Redis Module
15:17 Evasion: Custom Commands
17:30 Objectives: Cryptomining
18:20 Currently Affected Areas
19:16 Detection: VirusTotal
21:26 Post-Compromise and Persistence
24:45 Breakdown of Custom Redis Commands
27:25 HeadCrab’s Motives
29:47 “Cloud Native Detection and Response” (CNDR) Tool
31:10 Mapping HeadCrab to MITRE ATT&CK
31:30 Remediation and Mitigation
33:28 Lessons Learned
