A Linux botnet has become so powerful that it could strike distributed denial-of-service, or DDoS, attacks at more than 150 Gbps, which is many times over what the typical infrastructure of companies would be able to withstand.
The botnet, which was discovered by the Security Intelligence Response Team of Akamai Technologies, is supported by malware named the XOR DDoS, and it was first discovered in September 2014. To carry out attacks, hackers install the malware on Linux systems, including devices embedded into the systems such as storage devices attached to the network and Wi-Fi routers. The attackers guess the SSG log-in credentials through brute-force attacks.
Once the credentials are obtained, the hackers access the vulnerable systems and then launch shell commands to download and then install the malware, which hides its presence in systems though rootkit methods. The infected computer then joins the rest of the infected systems in launching the DDoS attacks.
Akamai's team observed several attacks carried out recently that originated from XOR DDoS, with the attacks ranging in intensity from a few gigabits per second to as much as over 150 Gbps.
XOR DDoS is being utilized to launch attacks against 20 targets daily, with 90 percent of the targets located within Asia. The most targeted companies are those operating in the online gaming industry, with educational institutions coming in second.
XOR DDoS is just one among several malware that specifically target Linux-based systems, as the trend of breaching poorly protected Linux systems to be used for DDoS attacks continues. Routers that are unmaintained and old are specifically vulnerable to these attacks.
"A decade ago, Linux was seen as the more secure alternative to Windows environments, which suffered the lion's share of attacks at the time, and companies increasingly adopted Linux as part of their security-hardening efforts," Akamai said. However, as more users adopt Linux, the reward for hackers to infiltrate Linux systems grows along with the increasing Linux user base.
These attackers will keep evolving their methods to compromise Linux systems, and so security specialists are recommended by Akamai to keep working on the security of their systems.