Linux Malware Rise Can Expose You to Hackers; 3 Top Threats to Watch Out For


According to the latest reports, Linux malware attacks saw a dramatic 35 percent increase in 2021. Interestingly, three major threats make up most of these Linux malware attacks.

Linux Malware Exposes You to Hackers

Malware infections targeting Linux devices increased by 35 percent in 2021, most commonly on Internet-of-Things (IoT) devices that are used in distributed denial-of-service (DDoS) cyberattacks, per Bleeping Computer.

For those who do not know, IoT Agenda defined IoTs as a system of interconnected computing devices, mechanical and digital machinery, items, animals and people with unique identities (UIDs) and the capacity to transmit files without needing human-to-human or human-to-computer contact.

To further emphasize, some examples of IoTs are a heart monitor implant, a biochip transmitter, a car with built-in detectors, or any other natural or man-made item which can be given an Internet Protocol (IP) address and can exchange data over the internet.

Meanwhile, Linux is a free and open-source operating system (OS), per Red Hat.

An operating system is software that controls the hardware and resources of a computer, such as the CPU, memory and storage. The operating system lies between applications and hardware, connecting all of the computer software to the actual resources that perform the job.

In relation to this, IoTs operate a variety of Linux versions and are restricted to specific functions. When their resources are merged into large groups, they can launch huge DDoS assaults on even the most well-protected infrastructure.

Aside from DDoS attacks, Linux IoT devices are also used to mine cryptocurrencies, enable spam mail campaigns, operate as relays, command and control servers, and even act as entry points into corporate networks.

According to a recent analysis from security firm CrowdStrike, the most common Linux malware families in 2021 included XorDDoS, Mirai and Mozi, which accounted for 22 percent of all Linux-based IoT malware that year.

These were also major drivers of malware attacking all Linux-based computers, which increased significantly compared to the previous year.

Top 3 Linux Malware to Watch Out For

3. XorDDoS

XorDDoS is a Linux botnet that monitors the internet for Linux servers with Secure Shell (SSH) servers that are not secured with a strong password or encryption keys, per ZDNet.

It has been operating since at least 2014 and is used to launch large-scale DDoS attacks. It tries to determine the password so that attackers can operate the device remotely.

XorDDoS has recently started attacking unsecured Docker clusters in the cloud, which are also appealing to cryptocurrency-mining malware, rather than its previous targets such as routers and internet-connected smart devices.

Because many IoT devices have already been compromised, Docker clusters have become a new target.
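
The SSH password guessing described above leaves a recognizable trace in sshd logs. The Python sketch below is an added example, not code from the article or from CrowdStrike: it triages OpenSSH log lines and separates sources that only guessed from sources whose password login succeeded after repeated failures. The log lines, host name, documentation-range IP addresses and the threshold of 3 are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's sshd syslog format (documentation IPs).
SAMPLE_LOG = """\
Jan 10 03:12:01 web1 sshd[2210]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan 10 03:12:03 web1 sshd[2212]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Jan 10 03:12:05 web1 sshd[2214]: Failed password for root from 203.0.113.5 port 51251 ssh2
Jan 10 03:12:09 web1 sshd[2218]: Accepted password for root from 203.0.113.5 port 51271 ssh2
Jan 10 08:30:44 web1 sshd[3001]: Failed password for alice from 198.51.100.7 port 40100 ssh2
Jan 10 08:30:52 web1 sshd[3003]: Accepted password for alice from 198.51.100.7 port 40112 ssh2
Jan 10 09:01:10 web1 sshd[3100]: Accepted publickey for deploy from 192.0.2.20 port 40022 ssh2: ED25519 SHA256:constructed
Jan 10 11:45:00 web1 sshd[3500]: Failed password for root from 192.0.2.99 port 60001 ssh2
Jan 10 11:45:02 web1 sshd[3502]: Failed password for invalid user pi from 192.0.2.99 port 60002 ssh2
Jan 10 11:45:04 web1 sshd[3504]: Failed password for invalid user ubnt from 192.0.2.99 port 60003 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def triage(log_text, threshold=3):
    """Map source IP -> finding. 'compromised': a password login was accepted
    after >= threshold failures. 'guessing': >= threshold failures, no success."""
    failures = defaultdict(int)
    users_tried = defaultdict(set)
    findings = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m or m["method"] != "password":
            continue  # key-based logins cannot be password-guessed
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            users_tried[ip].add(m["user"])
            if failures[ip] >= threshold and ip not in findings:
                findings[ip] = {"status": "guessing"}
        else:
            if failures[ip] >= threshold:
                findings[ip] = {"status": "compromised", "account": m["user"]}
            failures[ip] = 0  # a single typo followed by success resets the count
    for ip, finding in findings.items():
        finding["users_tried"] = sorted(users_tried[ip])
    return findings

if __name__ == "__main__":
    for ip, finding in triage(SAMPLE_LOG).items():
        print(ip, finding)
```

A "compromised" finding is the case to act on first: rotate that account's credentials and move the host to key-only authentication.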

2. Mirai

Mirai is a well-known botnet that has generated several variants because of its freely available source code and continues to cause chaos on the Internet of Things.

Additionally, Mirai can spread through Linux systems with weak passwords.

CrowdStrike researcher Mihai Maganu added that some of the most common variants that they tracked were Sora, IZIH9 and Rekai.

In 2021, the number of recognized samples for all three variants grew by 33 percent, 39 percent, and 83 percent, respectively, as compared to 2020.

1. Mozi

Mozi, a peer-to-peer botnet that first appeared in 2019, targets networking devices, IoT and video recorders, among other internet-connected devices, using the distributed hash table (DHT).

Mozi's command and control communication is hidden behind valid DHT traffic. CrowdStrike added that in 2021 there were ten times more Mozi samples than in 2020.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.