Dark Japanese fantasy animation series Demon Slayer: Kimetsu no Yaiba is based on the original manga series by Koyoharu Gotouge. If youre a Demon Slayer fan feeling frustrated by the contents scattered availability, this guide explains how and where to watch Demon Slayer movie Mugen Train and the series from anywhere.

Demon Slayers third season was released in Japan on April 9, 2023 on Fuji TV and will be released on Netflix May 1, 2023. Season three episodes that have been released so far are currently available on Crunchyroll and Funimation.

A new Demon Slayer compilation movie called Demon Slayer To the Swordsmith Village (released Feb. 3, 2023 in Japan), which includes footage from the first episode of season three, was released in theaters this year, but it hasnt been released online yet.

The seasons and the movie are distributed across a variety of streaming services. On that note, some streaming services and content are blocked in certain countries due to regional restrictions. If you cant find the complete Demon Slayer series or movie in your country, well show you how to access streaming services with a virtual private network (VPN), like ExpressVPN.

There are 44 Demon Slayer episodes across seasons one and two. The third season is currently being released episode by episode.

You can watch Demon Slayer: Kimetsu no Yaiba the Movie: Mugen Train on Crunchyroll and Funimation. The 2023 Swordsmith Village movie was recently released in theaters, but hasnt been released on streaming platforms yet.

Demon Slayer is available on a few streaming services; some are widely available, while others are restricted to certain countries. If you want to use a streaming platform thats blocked in your country, well show you how to access it with a VPN further down. For now, lets explore everywhere Demon Slayer is available.

The Demon Slayer series order can feel like a bit of a headspin, especially if youre new to it. There are two movies Demon Slayer: Kimetsu no Yaiba The Movie: Mugen Train (2020) and the compilation movie released this year, Demon Slayer To the Swordsmith Village (2023).

Unfortunately, we couldnt find Demon Slayer To the Swordsmith Village online. Theres the option of checking out free movie sites and torrenting sites if thats your thing, but be sure to use a VPN and antivirus software.

To keep things simple, weve created this table to show you where each season is and in which country or countries the streaming service is available. Keep reading to find out if the series is on Netflix.

If you dont mind purchasing Demon Slayer, you can do so on Amazon Prime Video U.S. (season one and movie Mugen Train), Vudu (season one and movie Mugen Train), Google Play (movie Mugen Train), iTunes and YouTube Movies & TV (season one and movie Mugen Train).

Yes, Demon Slayer is on Netflix, but not the movie. We found seasons one and two in various, but not all, Netflix libraries. For example, the series isnt available on Netflix Australia, so if youre in Australia or another country that doesnt have Demon Slayer on Netflix, youll need to use a VPN to get around the geoblocks. Season three will be released on Netflix on May 1.

When Demon Slayer season three drops in May, you can stream it on Netflix. If you cant find season three on Netflix in your country, you can connect to a U.S. server (or a server in another country where season three will be available, like France). Then, log in to Netflix as normal and stream the series. You can use this method to explore a wide variety of Netflix content.

If you encounter any issues, like an error message, try switching to another server. You may need to play around with a few to see which one works best. Below, well share a step-by-step how-to for accessing Netflix with a VPN on May 1.

Funimation and Crunchyroll offer free trials, both lasting 14 days. If you cant find your preferred Demon Slayer content on Crunchyroll in your country (season availability sometimes differs by country), you can get a free trial with Crunchyroll and pair it with a VPNs money-back guarantee. Then, all youd need to do is connect to a U.S. server and log in to your Crunchyroll account.

Those with a U.S. payment method can also get a free trial with Hulu, which lasts for 30 days. However, only season one is available, so you may be better off going the Crunchyroll route.

The only other way to stream Demon Slayer To the Swordsmith Village free online is to check out free movie sites and torrenting sites, but make sure you take proper precautions.

If you cant find the Demon Slayer content you want on Crunchyroll, or another service, in your country, well show you how to connect to ExpressVPN (or another VPN of your choice) and access the full U.S. library.

Season three episodes to-date have been released on Crunchyroll as of April, 2023.

Go to a reputable VPN providers website and choose your preferred plan. ExpressVPN and many other providers offer a 30-day money-back guarantee.

Find the download tab on your chosen VPNs website and go through the installation procedure.

Open the ExpressVPN app and connect to a U.S. server.

Open Crunchyroll and sign up for a free trial, if you havent already. Then, search for Demon Slayer and start streaming. If you have any issues, try connecting to a different U.S. server.

To prepare you for season threes arrival on Netflix on May 1, heres a tutorial on how to stream Demon Slayer if it isnt available on Netflix in your country.

Go to a VPNs website and sign up for one of its plans. As mentioned above, most reputable providers offer money-back guarantees.

After signing up for a plan, follow the prompts to download the VPN, or look for the download tab on the website.

Open the VPNs app and connect to a server in the United States, or another country, in which Demon Slayer season three is available.

Open Netflix, search for Demon Slayer and start streaming season three beginning May 1, 2023.

Series and movie streaming on geoblocked services is possible with a reputable and secure VPN service. Here are our top recommendations.

ExpressVPN is the best overall VPN for streaming services like Crunchyroll.

Pros:

With its unblemished security and privacy record and easy-to-use interface, ExpressVPN is our go-to provider for streaming. It works well with streaming services like Netflix and Crunchyroll, and gives beginner VPN users a really easy ride with its straightforward desktop and mobile apps.

Dont let the simplicity fool you, though ExpressVPN is packed with a diverse bunch of servers, especially in the U.S., making it a great choice for accessing U.S. streaming services and libraries.

On the downside, its an expensive service compared to the competition, but its foolproof in terms of speed, security and streaming capability. Add in a 30-day money-back guarantee, and youve got a winner. Find out more in our full ExpressVPN review.

ExpressVPN Plans

NordVPN is a lightweight, fast VPN with a nifty desktop interface.

Pros:

Cons:

As the fastest VPN out there, NordVPN is another excellent choice for streaming. Buffering can put a real dampener on a streaming session, which is why picking a VPN with good speeds is so important. NordVPN also has a very easy-to-navigate desktop interface, with a well-conceived world map design that makes switching servers a breeze.

On the other hand, if you plan to stream on mobile regularly, you might find the mobile app frustrating, because the world map feels a bit cramped and harder to navigate on a small screen. NordVPN has a 30-day money-back guarantee, and you can get into all the finer details in our NordVPN review.

The Demon Slayer: Kimetsu no Yaiba series is about a pair of siblings who lose their family in a demon attack. In an act of vengeance, and to save his sister Nezuko from turning permanently into a demon herself, the brother, 13-year-old Tanjiro, heads off to train as a member of the demon slayer corps. The voice cast includes:

Though Demon Slayer is spread across various streaming services and can be tricky to find all in one place, with a bit of know-how (and the help of a VPN), watching Demon Slayer is a piece of cake. The third season is currently being released gradually on Crunchyroll, Funimation and, very soon, on Netflix.

We hope you enjoy it.

Which streaming platform will you use to watch the Demon Slayer franchise? Will you need to use a VPN? Let us know in the comments. Thanks for reading.

Let us know if you liked the post. Thats the only way we can improve.

YesNo

Originally posted here:
How & Where to Watch Demon Slayer Movie & Seasons in 2023 ... - Cloudwards

Enlarge / The Dropcam line was eventually replaced by Nest Cam.

Dropcam

In a post on the official Google Nest Community page, Google announced it is shutting down the service for several old Nest smart home products. Most of these have not been for sale for years, but since this is all hardware tied to the cloud, turning off the servers will turn them into useless bricks. The good news is that Google is giving existing users deals on hardware upgrades to something that is supported.

View more storiesFirst up is Dropcam, which Nest and Google acquired in 2014 for $555 million and eventually turned into the Nest Cam line. Dropcam (and Dropcam Pro) server support is getting shut off on April 8, 2024, and Google says, "Dropcam will no longer work after that date, and you will no longer be able to use your Nest app to check status." The video clips are stored online, so Google adds, "If you wish to keep your video history, please download and save before this date."

Nest replaced the Dropcam line in 2015, so these cameras are all around 8 years old. Nest promises five years of support for its own products. Google isn't just cutting these users off, though; it's offering discounts on new Nest Cams if they want to keep rolling with the Google ecosystem. Google says if users are currently subscribed to Nest Aware, they'll get a free indoor, wired Nest Cam (a $100 value). Nest Aware is a $6 or $9 monthly subscription that lets you record video from the camera and store it online. Since that subscription fee will match the price of a Nest Cam in a year or two, it makes sense for Google to try to keep that subscription revenue flowing. If you don't have a Nest Aware subscription, Google is offering a 50 percent discount on the wired, indoor Nest Cam.

(Though I would encourage you to throw off the shackles of Google's always-turbulent walled garden and buy something that doesn't have a monthly fee or rely on the cloud. I like my Unifi Protect system for being self-hosted with decent hardware and a range of camera models, but there are many options out there. Nest Cams just do not offer anything that justifies the monthly fee, and it gives them a high total cost.)

This is what a Nest Secure looks like. That's a hub/keypad up top, with a keychain presence sensor and two pieces of a "Nest Detect" sensor.

Nest Detect is a combo motion sensor and door monitor.

Google

You can press a button on the Nest Detect to use a door without triggering the alarm.

Google

The Nest Tag would let you tap to disarm.

Next up on the Nest chopping block is Nest Secure. This was a $500 home security system with a keyboard, window and door sensors, motion detectors, and a keychain presence sensor. Google killed the hardware in 2020 but will keep supporting existing devices until the same day as Dropcam: April 8, 2024. Google says on that date "your Nest Secure will no longer work. It will not be accessible in the Nest app and wont connect to the internet."

When Google initially announced the Nest Secure's cancellation, it promised to support the device until at least November 2022exactly five years after the November 2017 releasebut now it's getting 6.5 years of support.

Nest Secure owners are offered a free upgrade to the new ADT systemGoogle calls this an "up to $485 value"though you'll have to do a lot of new installation work, swapping out every sensor and component to get it up and running. Another option is a $200 credit on the Google Store. If you qualify for discounts for the Nest Secure or Dropcams, Google says they'll email you. There's also a recycling program for your dead products.

The Nest smart home ecosystem, "Works with Nest" also finally got a shutdown date: September 29, 2023. "Works with Nest" was Nest's original smart home ecosystem, allowing for things like your thermostat changing when you leave the house or allowing third-party apps to control your Nest system. Third-party devices could also plug into this system and somehow interface with your thermostat, cameras, or smoke detector.

Works with Nest got a death sentence in 2019, and has been sitting on Google death row ever since. Google originally wanted to shut down Works with Nest in August 2019, but delayed the termination after a public outcry. Google still blocked Works with Nest from adding new devices in August 2019 though, so any system has been limping along since then. If something broke, you were out of luck and couldn't replace it.

At the time, Google wanted Nest users to switch to the "Works with Google Assistant" ecosystem, which is the same basic idea of smart home communication, but without the "not invented here" baggage of the acquired Nest system. It uses a Google account instead of a Nest account, has different hardware compatibility, and, critically, it let you control devices by voice. Of course, the Google Assistant also seems to be deprioritized at Google, so Works with Google Assistant isn't called Works with Google Assistant anymore; it's now called "Works with Google Home." But "Google Home" doesn't refer to the original Google Home product, which was a smart speaker. That line was killed off and replaced with the Nest Audio speakers. "Google Home" now means the app that controls your smart devices, so "Works with Google Home" means you'll see it in the app. The Nest app, which can also control some Nest devices, is being phased out in favor of the Google Home app.

View original post here:
RIP to Dropcams, Nest Secure: Google is shutting down servers next year - Ars Technica

Much in tech has changed since Sam Sebastian first joined Google in 2006. First, he and his colleagues were explaining newfangled search advertising to customers. Today, the Ohio-born executive is at the forefront of another major leap cloud computing as the Canadian head of Google Clouds operations.

When COVID-19 forced much of the worlds economy into lockdown, the thought of keeping data trapped on office-bound servers was intolerable to many CEOs. Cloud storage boomed, and forced painstaking digital transformations through in a matter of months rather than years.

Google Cloud was fairly well-positioned to capitalize on the sudden demand for off-premises yet adaptable places to store data. In a matter of minutes, companies can quickly scale up their storage to handle an influx of new data, or shed excess capacity. This flexibility is appealing to all three of Google Clouds main cohorts of customers: digital native firms like Lightspeed, stalwarts like Canadian Tire, and next-generation AI-oriented customers like Mobius.

To many average consumers, whether or not their favourite brands rely on the cloud or locally stored data is irrelevant. But firms like Google have made big business from convincing sometimes-reluctant CEOs to shell out for new operating systems capable of retrieving data from anywhere.

Youve bounced to and from multiple executive roles at Google. Your last position was in 2017. What keeps you coming back?

Yeah, Im a boomerang Googler. Theres a few of us around. I started at Google 17 years ago in the U.S. I was in different roles in the States, on the ad side for eight years. About nine years ago, I moved my family to Canada and ran the Canadian business for about three and a half years. At the time, most of our business was ads.

I loved every minute of it. But I had the opportunity to be the CEO of Pelmorex Corp., a big brand that included the Weather Network and MtoMdia. They had a business in Spain Eltiempo. So, after 11 years at Google, an opportunity to go be a CEO of a strong Canadian brand that needed to digitally transform was too good of an opportunity to pass up.

I thought I had a once-in-a-lifetime opportunity, in the early days of Google, to be on the ground floor when search advertising and YouTube was first kicking off. Now, I have the opportunity to come back and almost have a second chance at a once-in-a-million opportunity cloud which is new to many folks. Were on the cusp of this generative AI revolution, which is also tied in with the cloud. To be on another rocket ship, with another kind of revolutionary shift, was just too good to pass up.

Click to expand

Whats it like going back to a very senior position at Google after being a CEO at Pelmorex?

In the end, I have always thought about what I want to do in my career in three ways. Number one, I want to keep learning. As long as Im in a job, and Im learning a whole new set of skills, it doesnt really matter to me what role Im in. Number two, I love to lead. Regardless of whether Im leading an entire organization or a country inside of a larger multinational, so long as Im leading and working with people that inspire me, then Im good. And lastly, I need to add value.

I had never done the CEO role before. I could learn a ton. But I was an ads guy for 30 years. So, at Google, I had an opportunity to learn. I could lead great young Googlers and very experienced Googlers in cloud. I could both learn from them, but also be inspired by them. I knew the playbook for Google on the ad side because I had built out its country infrastructure.

You have a lot of leadership experience, but youre new to cloud computing itself. Are you still learning about it as you go? Are you leaning on other people? How does that work?

We have an incredible team who has made huge investments in this space, from training, evangelizing, and technology. I lean on the team significantly. But its a relatively new space. There are very few veterans in this space because it has only really been mature for a handful of years. My ultimate clients are CEOs, the C-suites and boards, and Im trying to convince them to make these tough decisions to modernize their infrastructure.

And I did that for five years figuring out how I was going to migrate on-premise stuff to the cloud at Pelmorex. We all had this MBA in cloud for two years during COVID, meaning anyone who was running a company had to figure out how to do it from home. COVID really saw demand for cloud services explode. So, to a certain extent, I had been through these wars myself as a C-suite leader.

Some businesses are very skeptical about the benefits of cloud computing. How do you convert them?

There are a couple of ways. Number one, every business has a core function. The core function of Pelmorex was weather forecasting. It was not managing data centres or modernizing technology. Doing so requires a huge set of resources, expertise and skills. To an extent, I can rent that experience and technology, and use it as I need it. Thats the ideal business model for someone who wants to really focus on their core business. When you sit down with a CEO, they will get that right away.

Then you have to go deeper and ask about the objections. They may say a cloud migration will take a long time, its not as secure as on-site storage, or there isnt a specific solution for their industry. But we can counter each of these objections. So we have to talk at the highest level with the CEO to inspire them, and then work inside the organization, and with our partners. COVID was a pretty big demand generator because, all of a sudden, folks had to manage all this stuff remotely, which is a bit more difficult when youre not in the cloud.

The vast majority of digital transformations fail. How are you trying to change that equation?

A couple of things. Digital transformations are huge projects, and any huge project comes with a lot of risk. What we try to do is break that project down, atomize it, and create a bunch of different milestones over time and then put all the right people on various parts of the project. One client, one vendor, one cloud player cant solve everything.

Whenever theres a burning platform, and a company has to succeed, there is no other alternative. COVID was a great example. Youd be amazed at what a company or an industry can do in a matter of months. Now, were trying to leverage that to create a sense of a burning platform, a no excuse but success mentality, so we can push folks to move.

There is a perception that cloud computing is a lot less secure than relying on on-site data storage. What do you say to critics who say to avoid the cloud because it is insecure?

Just look at Google. And you can look at Amazon as well. These are massive companies that built massive infrastructure targeted by the biggest cyber threats, both internally and externally, of any company in the world. And theyve been secure. Weve had to build so much threat detection, security and authentication protocols inside all of our own technology. Now, all were doing is making those same attributes available to customers.

The hard part for customers is that they feel out of control. Once we walk them through how, frankly, theyre more exposed to risks with the work theyre doing on-premises, their objections go away. Some of the biggest threats come from people inside an organization, who have access to a lot of things that they might not otherwise have with the cloud.

A lot of Googlers in executive roles end up going back to San Francisco. Do you think thats in the cards for you?

I dont. That was the thinking when I moved to Canada nine years ago. A lot of times, executives move up here, they do a stint, they learn some things, and they take it back. After four years, the kids loved the country. My wife and I love the country. We have built some great relationships. I had built a profile inside the country so that I could continue to take on new opportunities. And so, our entire perception changed.

Thats why I had no problem leaving Google to go to a Canadian company and get even more experience inside Canada. Now, Ive come back to Google in Canada. Both of my kids are in university in Canada. Weve got no plans to leave. We love it here. And we still have lots of family back in the States, and we go back and forth, obviously. But this is home now.

This conversation has been edited for length and clarity.

Read more here:
Google Clouds Sam Sebastian on how the pandemic accelerated the shift to cloud, converting the skeptics, and why Canada is now home - Toronto Star

MLPerf remains the definitive measurement for AI performance as an independent, third-party benchmark. NVIDIAs AI platform has consistently shown leadership across both training and inference since the inception of MLPerf, including the MLPerf Inference 3.0 benchmarks released today.

Three years ago when we introduced A100, the AI world was dominated by computer vision. Generative AI has arrived, said NVIDIA founder and CEO Jensen Huang.

This is exactly why we built Hopper, specifically optimized for GPT with the Transformer Engine. Todays MLPerf 3.0 highlights Hopper delivering 4x more performance than A100.

The next level of Generative AI requires new AI infrastructure to train large language models with great energy efficiency. Customers are ramping Hopper at scale, building AI infrastructure with tens of thousands of Hopper GPUs connected by NVIDIA NVLink and InfiniBand.

The industry is working hard on new advances in safe and trustworthy Generative AI. Hopper is enabling this essential work, he said.

The latest MLPerf results show NVIDIA taking AI inference to new levels of performance and efficiency from the cloud to the edge.

Specifically, NVIDIA H100 Tensor Core GPUs running in DGX H100 systems delivered the highest performance in every test of AI inference, the job of running neural networks in production. Thanks to software optimizations, the GPUs delivered up to 54% performance gains from their debut in September.

In healthcare, H100 GPUs delivered a 31% performance increase since September on 3D-UNet, the MLPerf benchmark for medical imaging.

Powered by its Transformer Engine, the H100 GPU, based on the Hopper architecture, excelled on BERT, a transformer-based large language model that paved the way for todays broad use of generative AI.

Generative AI lets users quickly create text, images, 3D models and more. Its a capability companies from startups to cloud service providers are rapidly adopting to enable new business models and accelerate existing ones.

Hundreds of millions of people are now using generative AI tools like ChatGPT also a transformer model expecting instant responses.

At this iPhone moment of AI, performance on inference is vital. Deep learning is now being deployed nearly everywhere, driving an insatiable need for inference performance from factory floors to online recommendation systems.

NVIDIA L4 Tensor Core GPUs made their debut in the MLPerf tests at over 3x the speed of prior-generation T4 GPUs. Packaged in a low-profile form factor, these accelerators are designed to deliver high throughput and low latency in almost any server.

L4 GPUs ran all MLPerf workloads. Thanks to their support for the key FP8 format, their results were particularly stunning on the performance-hungry BERT model.

In addition to stellar AI performance, L4 GPUs deliver up to 10x faster image decode, up to 3.2x faster video processing and over 4x faster graphics and real-time rendering performance.

Announced two weeks ago at GTC, these accelerators are already available from major systems makers and cloud service providers. L4 GPUs are the latest addition to NVIDIAs portfolio of AI inference platforms launched at GTC.

NVIDIAs full-stack AI platform showed its leadership in a new MLPerf test.

The so-called network-division benchmark streams data to a remote inference server. It reflects the popular scenario of enterprise users running AI jobs in the cloud with data stored behind corporate firewalls.

On BERT, remote NVIDIA DGX A100 systems delivered up to 96% of their maximum local performance, slowed in part because they needed to wait for CPUs to complete some tasks. On the ResNet-50 test for computer vision, handled solely by GPUs, they hit the full 100%.

Both results are thanks, in large part, to NVIDIA Quantum Infiniband networking, NVIDIA ConnectX SmartNICs and software such as NVIDIA GPUDirect.

Separately, the NVIDIA Jetson AGX Orin system-on-module delivered gains of up to 63% in energy efficiency and 81% in performance compared with its results a year ago. Jetson AGX Orin supplies inference when AI is needed in confined spaces at low power levels, including on systems powered by batteries.

For applications needing even smaller modules drawing less power, the Jetson Orin NX 16G shined in its debut in the benchmarks. It delivered up to 3.2x the performance of the prior-generation Jetson Xavier NX processor.

The MLPerf results show NVIDIA AI is backed by the industrys broadest ecosystem in machine learning.

Ten companies submitted results on the NVIDIA platform in this round. They came from the Microsoft Azure cloud service and system makers including ASUS, Dell Technologies, GIGABYTE, H3C, Lenovo, Nettrix, Supermicro and xFusion.

Their work shows users can get great performance with NVIDIA AI both in the cloud and in servers running in their own data centers.

NVIDIA partners participate in MLPerf because they know its a valuable tool for customers evaluating AI platforms and vendors. Results in the latest round demonstrate that the performance they deliver today will grow with the NVIDIA platform.

NVIDIA AI is the only platform to run all MLPerf inference workloads and scenarios in data center and edge computing. Its versatile performance and efficiency make users the real winners.

Real-world applications typically employ many neural networks of different kinds that often need to deliver answers in real time.

For example, an AI application may need to understand a users spoken request, classify an image, make a recommendation and then deliver a response as a spoken message in a human-sounding voice. Each step requires a different type of AI model.

The MLPerf benchmarks cover these and other popular AI workloads. Thats why the tests ensure IT decision makers will get performance thats dependable and flexible to deploy.

Users can rely on MLPerf results to make informed buying decisions, because the tests are transparent and objective. The benchmarks enjoy backing from a broad group that includes Arm, Baidu, Facebook AI, Google, Harvard, Intel, Microsoft, Stanford and the University of Toronto.

The software layer of the NVIDIA AI platform, NVIDIA AI Enterprise, ensures users get optimized performance from their infrastructure investments as well as the enterprise-grade support, security and reliability required to run AI in the corporate data center.

All the software used for these tests is available from the MLPerf repository, so anyone can get these world-class results.

Optimizations are continuously folded into containers available on NGC, NVIDIAs catalog for GPU-accelerated software. The catalog hosts NVIDIA TensorRT, used by every submission in this round to optimize AI inference.

Read this technical blog for a deeper dive into the optimizations fueling NVIDIAs MLPerf performance and efficiency.

Read this article:
H100, L4 and Orin Raise the Bar for Inference in MLPerf - Nvidia

Threat actors have found a lucrative new attack vector that hijacks legitimate proxyware services, whichallow people to sell portions of their Internet bandwidth to third parties.In large-scale attacks that exploit cloud-based systems, cybercriminals can use this vector dubbed "proxyjacking" to earn potentially hundreds of thousands of dollars per month in passive income, researchers from Sysdig Threat Research Team (TRT) have found.

In a February blog post, Kaspersky researchers describedproxyware services like this: "[Users install a client that creates a]proxy server. Installed on a desktop computer or smartphone, it makes the device's Internet connection accessible to an outside party." That outside party the proxyware service then resells an agreed-upon portion of the user's bandwidth to other people.

"Depending on how long the program remains enabled and how much bandwidth it is permitted to use, the client accumulates points [for the user]that can eventually be converted into currency and transferred to a bank account," according to researchers at Kaspersky.

In one attack that the Sysdig researchers observed, threat actors compromised a container in a cloud environment using the Log4j vulnerability, and then installed a proxywareagent that turned the system into a proxy server without the container-owner's knowledge, the researchers revealed in a blog post on April 4.

This allowed the attacker to "sell the IP to a proxyware service and collect the profit," in an unusual type of Log4j exploit. Usually, Log4j attacks involve anactor dropping a backdoor or cryptojacking payload on the device, Crystal Morin, Sysdig threat research engineer, wrote in the post. "While Log4j attacks are common, the payload used in this case was uncommon," she wrote.

Proxyjacking shares characteristics of cryptojacking in that both profit off the bandwidth ofa victim and bothare about equally profitable for the attacker, Morin said. However, these attacks differ in that attackers typically install CPU-based miners to extract maximum value from compromised systems, while proxyjacking mainly uses network resources leaving a minimal CPU footprint, she wrote.

"Nearly every piece of monitoring software will have CPU usage as one of the first (and rightfully most important) metrics," she wrote. "Proxyjacking's effect on the system is marginal: 1 GB of network traffic spread out over a month is tens of megabytes per day very likely to go unnoticed."

Proxyjacking is a relatively new phenomenon spurred by the growth and use of proxyware services in the last couple of years, the researchers said. As mentioned, these services, such as IPRoyal, Honeygain, and Peer2Profit, are installed as apps or software on Internet-connected devices that, when running, allow someone to share Internet bandwidth by paying to use the IP address of the app users.

Proxyware comes in handy for people who want to use someone else's IP address for activity such as watching a YouTube video that isn't available in their region, conducting unrestricted Web scraping and surfing, or browsing dubious websites without attributing the activity to their own IP, the researchers said. According to the service, people pay for each IP address that someone shares via proxyware based on the number of hours they run the application.

In the attack investigated by Sysdig researchers, attackers targeted an unpatched Apache Solr service running in Kubernetes infrastructure to take control of a container in the environment, and then downloaded a malicious script from a command-and-control server (C2), which they placed in the /tmp folder to have privileges to perform their activity.

"The attacker's first execution was downloading an ELF file renamed /tmp/p32, which was then executed with some parameters, including the email address [emailprotected][.]com and the associated password for their pawns.app account," Morin wrote in the post.

Pawns.app is a proxyware service that has been seen sharing IPs from IPRoyal's proxy network. Indeed, Sysdig TRT correlated the binary downloaded and executed in the malicious script to the command-line interface version of the IPRoyal Pawns application from GitHub, which uses the same parameters, researchers said. In this way, attackers began using the compromised pod to earn money on the service, they said.

Attackers covered their tracks by cleaning the compromised system of their activity, clearing the history, and removing the file they dropped in the containers and the temp files, the researchers added.

While the list of proxyware services reported as being used for proxyjacking is small right now, Sysdig researchers believe that this attack vector will continue to grow and eventually "defenders will uncover more nefarious activities," Morin wrote."This is a low-effort and high-reward attack for threat actors, with the potential for far-reaching implications."

Researchers estimate that in 24 hours of activity for one proxyjacked IP address, an attacker can earn $9.60 per month. In a modest compromise of, say, 100 IP addresses then, a cybercriminal could net passive income of nearly $1,000 per month from this activity, they said.

When exploiting Log4j on unpatched systems, this figure can climb even higher, as millions of servers are still running vulnerable versions of the logging tool, and more than 23,000 of them can be reached from the Internet, according to Censys, the researchers said. "This vulnerability alone could theoretically provide more than $220,000 in profit per month" for an attacker, Morin wrote.

To avoid "receiving potentially shocking usage bills" due to proxyjacking activity, organizations need to take actions to mitigate potential attacks, the researchers said. They recommended that organizations set up billing limits and alerts with their respective cloud service provers, which can be an early indicator that something is amiss, Morin wrote.

Morin advised that organizations should also have threat-detection rules in place to receive alerts on any initial access and payload activity preceding the installation of a proxyware service application on your network.

Originally posted here:
'Proxyjacking' Cybercriminals Exploit Log4j in Emerging, Lucrative ... - Dark Reading