LockBit Ransomware is Now Capable of Encrypting Linux Virtual Machines

CrowdStrike researchers have noted that Linux malware attacks have risen to over 35% last year when compared to 2020. Most of the targets are aimed at IoT for launching DDoS attacks, stated researchers.

They have also mentioned three malware families – XorDDoS, Mirai, and Mozi, which contributed to over 22% of the total attacks last year, against Linux devices. These are now seen as a growing threat, as Linux powers most of the systems in wild today.

Spike in Linux Malware Attacks

Cyberattacks Against Linux Devices Have Spiked 35% in 2021

Although we see several client-facing OS today, most of them are running on the Linux kernel as their base. As Linux is a critical part for many, hackers are in a constant mood to attack and exploit any bug found in Linux. And IoTs are their main targets, as they’re growing in number lately.

IoT devices often come with a single major purpose and are mostly neglected by most users. Any bugs within or weak credentials used by owners can let hackers take over them, and form a botnet for launching DDoS attacks. Aside from DDoS, compromised IoT devices can also be used for breaching into corporate networks, mine cryptocurrency, serve as hackers C2 and facilitate spam email campaigns.

As they’re growing concern, researchers at CrowdStrike stated three major Linux malware families to be known by the public. These are;

XorDDoS, a Linux Trojan that uses XOR encryption for C2 communications, attacks a range of multiple Linux system architectures, like almost everything from ARM (IoT) to x64 (servers). Using port 2375, XorDDoS breaches devices through brute-forcing vulnerable devices via SSH and is notably used by Chinese hacking group “Winnti” last year.

Next up is Mirai, a notorious botnet that has a number of forked botnets since it’s an open-source project, thus having the source code being available publicly. It breaches systems through brute-forcing of weak credentials.

And lastly, Mozi is a P2P botnet that’s been in the wild for quite a time. It’s constantly evolving by adding new capabilities and uses the distributed hash table (DHT) lookup system for hiding its C2 communications from security services.

Other Trending News:-  News


Please enter your comment!
Please enter your name here