REDIScovering Headcrab - Analysis of a Novel Malware and the Mind Behind It

Presented by

Asaf Eitani, Security Researcher at Aqua Security & Nitzan Yaakov, Security Data Analyst at Aqua Security

About this talk

HeadCrab is an elusive and sophisticated malware created by an advanced threat actor who used custom-made Redis modules and APIs to build a full-scale malicious framework. Since 2021, the malware has deployed several novel, highly technical techniques that allowed it to infiltrate servers worldwide. The threat actor clearly made operational security a top priority, employing several hiding techniques, including deliberate bypasses of security solutions.

In this session, we will share a rare and fascinating account of the attack, the tactics we employed to communicate with the attacker, and our technical analysis of both the malware and its persistence tool. We will delve into the malware's 50+ malicious capabilities, including its use of custom Redis commands as a communication channel, its overwriting of built-in Redis commands to avoid detection, and its fileless techniques for remaining hidden. We will also disclose never-before-seen information about a new variant of the malware and the changes the threat actor made to avoid detection. Furthermore, we will walk you through our investigation of the command-and-control infrastructure of both variants, which led to the discovery that over 2,000 compromised servers were being used as a botnet to help the attacker stay anonymous. Join us for a captivating and insightful session offering a glimpse into this advanced operation and the mind behind it.

Key Takeaways:

- HeadCrab Sophistication: How this advanced malware was crafted with custom tools for stealthy operations.
- Evasion Techniques: Insights into the unique methods used to evade detection and maintain a low profile on infected servers.
- Global Impact: The extensive reach of the HeadCrab malware, which commandeered a botnet of over 2,000 servers, demonstrating its capacity as a pervasive cybersecurity threat.