Linux systems are ubiquitous and an integral part of the Internet infrastructure. Linux also runs on low-power Internet of Things (IoT) devices, which have become the main target for malware targeting Linux.
With billions of Internet-connected devices such as cars, refrigerators, and network devices, IoT devices have become a primary target for some malware, in particular for distributed denial-of-service (DDoS) attacks.
Security company CrowdStrike says in a new report that the most common families of malware targeting Linux in 2021 were XorDDoS, Mirai and Mozi. These families accounted for 22% of all IoT malware targeting Linux that year.
This was also the main driver of malware targeting all systems running Linux. These attacks increased by 35% in 2021 compared to 2020.
Mozi, which appeared in 2019, is a peer-to-peer botnet that uses a distributed hash table (DHT), a lookup system, and looks for weak Telnet passwords and known vulnerabilities when targeting networking devices, IoT devices and video recorders. Using DHT allows Mozi to hide its command-and-control communication behind legitimate DHT traffic. There were 10 times more Mozi samples in 2021 compared to 2020, CrowdStrike reports.
XorDDoS, a Linux botnet for large-scale DDoS attacks, has existed since at least 2014 and scans the network for Linux servers whose SSH service is not protected by a strong password or encryption keys. It tries to guess the password to give the intruders remote control of the device.
More recently, XorDDoS has started targeting Docker clusters in the cloud rather than routers and smart devices connected to the Internet. Docker containers are attractive for cryptocurrency mining software because they provide more bandwidth, CPU and memory. DDoS malware uses IoT devices because they provide more network protocols for abuse. However, as too many IoT devices have become infected, Docker clusters have become an alternative target.
According to CrowdStrike, some variants of XorDDoS are designed to scan for Docker servers with port 2375 open, which gives passwordless remote access to the host. This may give the attacker root access to the machine.
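A defender-side check for the exposure described above, as an added example that is not from CrowdStrike or the original article: it reads the text of a `daemon.json` and a `dockerd` command line and reports TCP listeners that do not require client certificates (`tlsverify`). The function names and sample inputs are constructed for illustration.

```python
import json
import shlex
from urllib.parse import urlparse

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def collect_settings(daemon_json_text, dockerd_cmdline):
    """Merge listener addresses and tlsverify from daemon.json text and dockerd flags."""
    cfg = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    hosts = list(cfg.get("hosts", []))
    tlsverify = bool(cfg.get("tlsverify", False))
    args = shlex.split(dockerd_cmdline)
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
    return hosts, tlsverify

def audit_docker_listeners(daemon_json_text="", dockerd_cmdline="dockerd"):
    """Return (listener, port, exposure) for each TCP listener lacking client-cert auth."""
    hosts, tlsverify = collect_settings(daemon_json_text, dockerd_cmdline)
    findings = []
    for host in hosts:
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// listeners are not reachable over the network
        if tlsverify:
            continue  # clients must present a certificate signed by the configured CA
        url = urlparse(host)
        # A missing bind address is treated conservatively as non-loopback.
        exposure = "loopback-only" if url.hostname in LOOPBACK else "network-exposed"
        findings.append((host, url.port or 2375, exposure))
    return findings

# Constructed sample inputs, not taken from any real host.
SAMPLE_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
SAMPLE_CMDLINE = "dockerd --tlsverify --tlscacert=/etc/docker/ca.pem -H tcp://0.0.0.0:2376"

if __name__ == "__main__":
    for finding in audit_docker_listeners(SAMPLE_DAEMON_JSON):
        print("UNAUTHENTICATED", finding)
    print("with tlsverify:", audit_docker_listeners(dockerd_cmdline=SAMPLE_CMDLINE))
```

Setting `tls` without `tlsverify` encrypts the connection but does not authenticate clients, which is why the check keys on `tlsverify` alone.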
XorDDoS malware samples increased by 123% in 2021 compared to 2020, according to the company.
Mirai also spreads by targeting Linux servers with weak passwords. The most common Mirai variants today include Sora, IZIH9 and Rekai, which increased by 33%, 39% and 83% respectively in 2021, according to CrowdStrike.