Microsoft says it’s recorded a massive increase in XorDDoS activity (254 percent) in the last six months. XorDDoS, a Linux Trojan known for its modularity and stealth, was first discovered in 2014 by the white hat research group, MalwareMustDie (MMD).
MMD believed the Linux Trojan originated in China. Based on a case study in 2015, Akamai strengthened the theory that the malware may be of Asian origin based on its targets.
Microsoft said that XorDDoS continues to home on Linux-based systems, demonstrating a significant pivot in malware targets. Since Linux is deployed on many IoT (Internet of Things) devices and cloud infrastructures, we are likely to see DDoS (distributed denial-of-system) attacks from botnets that have compromised such devices.
DDoS attacks—where normal Internet traffic to a targeted server, service, or network is overwhelmed with a flood of extra traffic from compromised machines—have become part of a greater attack scheme. Such powerful attacks are no longer conducted just to disrupt. DDoS attacks have become instrumental in successfully distracting organizations and security experts from figuring out threat actors’ end goal: Malware deployment or system infiltration. XorDDoS, in particular, has been used to compromise devices using Secure Shell (SSH) brute force attacks.
XorDDoS is as sophisticated as it gets. The only simple (yet effective) tactic it uses is to brute force its way to gain root access to various Linux architectures.
As Microsoft said in the report:
“Adept at stealing sensitive data, installing a rootkit device, using various evasion and persistence mechanisms, and performing DDoS attacks, XorDdos enables adversaries to create potentially significant disruptions on target systems. Moreover, XorDdos may be used to bring in other dangerous threats or to provide a vector for follow-on activities.”
XorDDos’s attack vector (Source: Microsoft)
Security IoT devices
If you have an IoT device at home, know there are ways to secure it. Note that you may need some assistance from the company who built your IoT device if you’re unfamiliar or unsure how to do any of the below.
Change your device’s default password to a strong one
Limit the number of IP addresses your IoT device connects to
Enable over-the-air (OTA) software updates
Use a network firewall
Use DNS filtering
Consider setting up a separate network for your IoT device(s)
When you’re not using your IoT device, turn it off.
If you plan to get an IoT device soon, buy from a well-known brand. You’re much more likely to get assistance from your supplier in beefing up your IoT device’s security.
The post Massive increase in XorDDoS Linux malware in last six months appeared first on Malwarebytes Labs.