Linux-based systems are everywhere, and at the core of Internet infrastructure, low-power IoT devices are becoming the main target of Linux malware.
With a huge number of Internet-connected devices such as cars, refrigerators and network equipment now online, IoT devices are being targeted for one specific malicious activity: distributed denial-of-service (DDoS) attacks.
Security vendor CrowdStrike said in a new report that the most widespread Linux-based malware families observed in 2021 were "XorDDoS", "Mirai" and "Mozi". These three families accounted for 22% of Linux-based IoT malware in 2021. Malware targeting Linux-based operating systems, which are widely deployed on IoT devices, grew 35% in 2021 compared with 2020. CrowdStrike notes that the many Linux builds and distributions at the core of cloud infrastructure, mobile and IoT present a major opportunity to threat actors.
Mozi, which appears to have emerged in 2019, is a peer-to-peer botnet built on a distributed hash table (DHT). It spreads by brute-forcing Telnet passwords and exploiting known vulnerabilities, targeting Internet-connected products such as network devices, IoT devices and video recorders. By using DHT, Mozi hides its C2 communication within legitimate DHT traffic. CrowdStrike noted that the number of Mozi samples observed in 2021 was ten times that of 2020.
The XorDDoS malware, used to build Linux botnets for large-scale DDoS attacks, appears to have existed since at least 2014. The malware scans the Internet for Linux servers running SSH with weak passwords and encryption keys, then guesses the password so that the attacker can control the server remotely.
XorDDoS previously targeted Internet-connected routers and smart devices, but has recently turned to vulnerable "Docker" clusters exposed in the cloud. Docker containers have long been attractive to attackers planning to mine cryptocurrency because of their larger bandwidth, faster CPUs and large amounts of memory. Attackers deploying DDoS malware, on the other hand, have favoured IoT devices because of the many network protocols that can be abused. Since many IoT devices are already infected, Docker clusters now appear to be targeted instead.
According to CrowdStrike, some XorDDoS variants scan for and exploit Docker servers with port 2375 open. This port exposes an unauthenticated Docker socket, giving remote, password-less root access to the Docker host. In other words, the attacker obtains root on the machine.
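The two exposures the article describes for XorDDoS, an SSH daemon that still accepts guessable passwords and a Docker daemon listening on TCP port 2375 without authentication, are both visible in host configuration before any scanner finds them. The following audit script is an added example written for this page; it is not CrowdStrike's code or part of the report. It checks a Docker `daemon.json` for a TCP listener without `tlsverify`, checks `ss -ltn`-style socket output for a Docker API port bound to a non-loopback address, and checks an `sshd_config` for password authentication and direct root login. All configuration files and the socket listing are constructed samples, and the weak and hardened `daemon.json` variants are shown side by side.

```python
import json

# Constructed sample Docker daemon.json files (not taken from the article).
# The weak form exposes the API on 2375 with no client authentication; the
# hardened form moves to 2376 and requires client certificates (tlsverify).
WEAK_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}"""

HARDENED_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

# Constructed output in the style of `ss -ltn` (not real capture data).
SAMPLE_SS_OUTPUT = """State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      4096         0.0.0.0:22         0.0.0.0:*
LISTEN 0      4096         0.0.0.0:2375       0.0.0.0:*
LISTEN 0      4096       127.0.0.1:6379       0.0.0.0:*"""

# Constructed sample sshd_config fragments.
WEAK_SSHD_CONFIG = """Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""

HARDENED_SSHD_CONFIG = """Port 22
PermitRootLogin prohibit-password
PasswordAuthentication no
PubkeyAuthentication yes
"""


def audit_daemon_json(text):
    """Return (severity, message) findings for a Docker daemon.json."""
    cfg = json.loads(text)
    findings = []
    tls_verify = cfg.get("tlsverify") is True
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix sockets are guarded by filesystem permissions
        addr, _, port = host[len("tcp://"):].rpartition(":")
        if not tls_verify:
            findings.append(("HIGH", f"{host}: TCP API listener without tlsverify; "
                             "any client that reaches this port controls the host as root"))
        if addr in ("", "0.0.0.0", "::", "[::]"):
            findings.append(("INFO", f"{host}: API bound to all interfaces on port {port}"))
    return findings


def exposed_docker_ports(ss_output, ports=(2375, 2376)):
    """Return (address, port) pairs where a Docker API port listens on a non-loopback address."""
    exposed = []
    for line in ss_output.splitlines():
        if not line.startswith("LISTEN"):
            continue
        local = line.split()[3]                # "Local Address:Port" column
        addr, _, port = local.rpartition(":")
        if int(port) in ports and not addr.startswith("127.") and addr != "[::1]":
            exposed.append((addr, int(port)))
    return exposed


def audit_sshd_config(text):
    """Return (severity, message) findings for an sshd_config fragment."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        key, _, value = line.partition(" ")
        settings[key.lower()] = value.strip().lower()
    findings = []
    # OpenSSH defaults: PasswordAuthentication yes, PermitRootLogin prohibit-password
    if settings.get("passwordauthentication", "yes") == "yes":
        findings.append(("HIGH", "PasswordAuthentication enabled: SSH logins can be brute-forced"))
    if settings.get("permitrootlogin", "prohibit-password") == "yes":
        findings.append(("HIGH", "PermitRootLogin yes: root account directly exposed to password guessing"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(f"daemon.json ({name}):", audit_daemon_json(text))
    print("exposed Docker API ports:", exposed_docker_ports(SAMPLE_SS_OUTPUT))
    for name, text in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(f"sshd_config ({name}):", audit_sshd_config(text))
```

On a real host the script would read `/etc/docker/daemon.json` and `/etc/ssh/sshd_config` and pipe in `ss -ltn` output; the socket check matters because the daemon can also be started with a `-H tcp://...` flag on the command line, which `daemon.json` alone would not reveal. The hardened Docker configuration still reports an INFO finding for binding to all interfaces, since a certificate-authenticated API on 2376 is the documented deployment but should still sit behind a firewall.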
According to the company, the number of XorDDoS malware samples grew by nearly 123% in 2021 compared with 2020.
Mirai also spreads by targeting Linux servers that use weak passwords. According to the company, Mirai variants such as "SORA", "IZIH9" and "Rekai" became more widely distributed, growing 33%, 39% and 83% respectively in 2021.
This article was edited by Asahi Interactive for Japan from an article by Red Ventures overseas.