CrowdStrike: Linux malware proliferation is increasing


The increase compared to 2020 is around 35 percent. The most commonly used malware families are XorDDoS, Mirai and Mozi.

Linux-based systems are ubiquitous and a core part of internet infrastructure, but it is the low-powered devices of the Internet of Things (IoT) that have become the prime target for Linux malware. With billions of internet-connected devices online, such as cars, refrigerators, and networking devices, IoT devices have become a prime target for certain malware activities, particularly distributed denial-of-service (DDoS) attacks, in which junk traffic floods a target to take it offline.

Security vendor CrowdStrike finds in a new report that the most prevalent Linux-based malware families in 2021 were XorDDoS, Mirai, and Mozi, which together accounted for 22 percent of all Linux-based IoT malware that year. These were also a major driver of malware targeting all Linux-based systems, which increased by 35 percent in 2021 compared to 2020.

First emerging in 2019, Mozi malware is a peer-to-peer botnet that relies on weak telnet passwords and known vulnerabilities to target network devices, IoT devices and VCRs, and other internet-connected products. Its use of distributed hash tables allows Mozi to hide its command-and-control communications behind legitimate DHT traffic. According to CrowdStrike, 2021 saw ten times more Mozi samples than previous years.

Meanwhile, XorDDoS, a Linux botnet used for large-scale DDoS attacks, has been around since at least 2014. It scans the Internet for Linux servers running SSH servers that are not protected by a strong password or encryption key, and attempts to guess the password so that attackers can remotely control the device. According to CrowdStrike, XorDDoS malware samples increased nearly 123 percent in 2021 compared to 2020.
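The SSH password-guessing behaviour described above leaves a recognisable trace in sshd's authentication log. The following detection logic is an added example written for this article, not code from CrowdStrike or the report; the log lines it runs over are constructed samples, and the thresholds are assumptions a defender would tune to their own environment.

```python
import re
from collections import defaultdict

# Constructed sample sshd log lines (not captured from a real host).
SAMPLE_AUTH_LOG = """\
Jan 10 03:12:01 host sshd[2210]: Failed password for root from 198.51.100.23 port 51522 ssh2
Jan 10 03:12:02 host sshd[2210]: Failed password for root from 198.51.100.23 port 51530 ssh2
Jan 10 03:12:03 host sshd[2211]: Failed password for invalid user admin from 198.51.100.23 port 51544 ssh2
Jan 10 03:12:04 host sshd[2212]: Failed password for invalid user test from 198.51.100.23 port 51551 ssh2
Jan 10 03:12:05 host sshd[2213]: Failed password for root from 198.51.100.23 port 51560 ssh2
Jan 10 03:12:06 host sshd[2214]: Accepted password for root from 198.51.100.23 port 51570 ssh2
Jan 10 03:12:09 host sshd[2215]: Accepted publickey for alice from 203.0.113.7 port 40122 ssh2
Jan 10 03:13:41 host sshd[2216]: Failed password for bob from 203.0.113.7 port 40130 ssh2
Jan 10 03:13:50 host sshd[2217]: Accepted password for bob from 203.0.113.7 port 40131 ssh2
"""

# Standard OpenSSH auth messages; "invalid user" appears when the account does not exist.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})")
ACCEPTED_RE = re.compile(
    r"Accepted password for (?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})")


def flag_password_guessing(log_text, min_failures=5, min_users=2):
    """Return (ip, failure_count, usernames, password_login_succeeded) for each source whose
    failed-password volume and username spread look like automated guessing (assumed thresholds).
    A flagged source that was later accepted with a password is the case to escalate: brute
    force followed by remote control is the XorDDoS pattern described in the article."""
    failures = defaultdict(list)          # ip -> usernames tried (with repeats)
    accepted_after = defaultdict(bool)    # ip -> password login accepted after failures
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m["ip"]].append(m["user"])
            continue
        m = ACCEPTED_RE.search(line)
        if m and m["ip"] in failures:
            accepted_after[m["ip"]] = True
    flagged = []
    for ip, users in failures.items():
        if len(users) >= min_failures and len(set(users)) >= min_users:
            flagged.append((ip, len(users), sorted(set(users)), accepted_after[ip]))
    # Successful logins first, then by failure volume.
    return sorted(flagged, key=lambda f: (-f[3], -f[1]))


if __name__ == "__main__":
    for ip, count, users, success in flag_password_guessing(SAMPLE_AUTH_LOG):
        print(f"{ip}: {count} failures across {users}; password login succeeded={success}")
```

Key-only authentication (`PasswordAuthentication no` in sshd_config) removes the weakness the scanner relies on; the detector is then a check that the setting actually holds everywhere.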
