Hackers are increasingly deploying the XorDdos malware to infiltrate Linux systems and launch distributed denial of service (DDoS) attacks, with a large surge in attempted breaches in recent months. The open-source nature of Linux makes it a prime target for such malware, particularly when it is running on Internet of Things (IoT) connected devices where security updates are patchy. New legislation announced this month may help tackle the problem.
XorDdos, so-called for its use of the XOR encryption algorithm, is used to carry out ‘SSH brute force’ attacks, where it tries to work out the log-in credentials of a device. “They’re trying to rely on the fact that people haven’t secured these devices,” says Bharat Mistry, technical director of the UK and Ireland at security company Trend Micro. “In some cases it might be just a default password.”
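The SSH brute-force behaviour described above leaves a recognisable trace in a device's authentication log: a run of failed password attempts from one source address, often cycling through default usernames such as root or admin, sometimes followed by a successful login from the same address. The Python script below is an added example, not code from the article, Microsoft or Trend Micro, that flags that pattern over a handful of constructed sample log lines. The line format imitates OpenSSH's sshd messages, the addresses are documentation ranges, and the failure threshold is an assumed value a defender would tune.

```python
import re
from collections import defaultdict

# Constructed sample auth-log lines in sshd's format (not real captures).
# One source tries several default-style usernames, then gets in.
LOG_LINES = [
    "May 20 10:01:02 iot-gw sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2",
    "May 20 10:01:03 iot-gw sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2",
    "May 20 10:01:04 iot-gw sshd[1205]: Failed password for pi from 203.0.113.5 port 51236 ssh2",
    "May 20 10:01:05 iot-gw sshd[1207]: Failed password for root from 203.0.113.5 port 51237 ssh2",
    "May 20 10:01:06 iot-gw sshd[1209]: Failed password for invalid user admin from 203.0.113.5 port 51238 ssh2",
    "May 20 10:01:07 iot-gw sshd[1211]: Failed password for root from 203.0.113.5 port 51239 ssh2",
    "May 20 10:01:08 iot-gw sshd[1213]: Accepted password for pi from 203.0.113.5 port 51240 ssh2",
    "May 20 10:05:00 iot-gw sshd[1301]: Failed password for alice from 198.51.100.7 port 40001 ssh2",
    "May 20 10:06:00 iot-gw sshd[1303]: Accepted publickey for ops from 192.0.2.10 port 40002 ssh2",
]

FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)"
)
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?:password|publickey) for (\S+) from (\d+\.\d+\.\d+\.\d+)"
)


def analyse(lines, threshold=5):
    """Return (suspects, usernames, success_after_failures).

    suspects: source IP -> number of failed password attempts, for sources at
              or above `threshold` (assumed value; tune per environment).
    usernames: source IP -> set of usernames it tried, which shows credential
               guessing rather than one user mistyping a password.
    success_after_failures: (ip, user, prior_failures) for logins that were
               accepted after the same source had already failed; this is the
               signal that a weak or default password was found.
    """
    failures = defaultdict(int)
    usernames = defaultdict(set)
    success_after_failures = []

    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            user, ip = m.groups()
            failures[ip] += 1
            usernames[ip].add(user)
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            user, ip = m.groups()
            prior = failures.get(ip, 0)
            if prior > 0:
                success_after_failures.append((ip, user, prior))

    suspects = {ip: n for ip, n in failures.items() if n >= threshold}
    return suspects, dict(usernames), success_after_failures


if __name__ == "__main__":
    suspects, tried, breaches = analyse(LOG_LINES)
    for ip, n in suspects.items():
        print(f"{ip}: {n} failed attempts, usernames tried: {sorted(tried[ip])}")
    for ip, user, prior in breaches:
        print(f"ALERT: {ip} logged in as {user} after {prior} failures")
```

On the sample data the script reports 203.0.113.5 with six failures across three usernames and raises an alert because that same address then logged in as pi. In practice the durable fix is the one the article's regulation points at: no default passwords, and on Linux hosts that must expose SSH, key-based authentication with password login disabled so that guessing has nothing to hit.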
Though not a new malware, XorDdos is increasingly being used to target Linux systems, says Microsoft’s Defender 365 security team, which has noted a 254% increase in attempted hacks using the malware on Linux systems in the past six months. “By compromising IoT and other internet-connected devices, XorDdos amasses botnets that can be used to carry out distributed denial-of-service attacks,” a new report from Microsoft says.
Why is Linux vulnerable to XorDdos?
Linux’s open-source model means it is commonly used to underpin IoT devices and cloud infrastructure. But this is not without its downsides when it comes to security. “Linux is not like Windows where Microsoft controls the build,” Mistry says. “The fact that it’s open source means that different groups of people will be taking the base build and then they’ll be forking off and doing their own variant of that.”
For IoT device makers, getting to market quickly is often prioritised over security, Mistry says, and once a device is up and running there is no onus on the manufacturer to provide security updates. “You’re relying on someone who’s not really making any money on it to make sure that everything is up to date,” he says. “From a vendor’s point of view, once I’ve got it out in the market, that’s it.”
This means that “hundreds of millions of smart devices” are at risk, argues Mistry. “You’ve got light bulbs, you’ve got fans, you’ve got kettles, you’ve got fridges, doorbells,” all running on Linux, often with insufficient security. And, he says, “the problem is going to grow”. He explains: “No matter what we do to circumvent or mitigate these things, as long as software is being developed and not developed securely, this problem is just going to carry on. It’s just going to escalate.”
Why are DDoS attacks becoming more common?
DDoS attacks have enjoyed a surge in popularity in recent months as a simple weapon used by ransomware gangs and other cybercriminals. DDoS attacks were a key weapon deployed against Ukraine at the start of the invasion by Russia, for example. They are so popular with ransomware gangs that their use alongside encryption and data theft has given rise to the term “triple extortion”.
The botnets unleashed as part of DDoS attacks are not only growing, but the techniques underpinning their use are becoming more sophisticated. “They started off in the very early days as very simplistic attacks, but now they’re getting more and more sophisticated,” Mistry says. “If you look at the most recent ones, some of those botnets are targeting the application layer. They’re difficult to get around and from an attacker’s point of view, you don’t need as many resources.”
XorDdos malware: how can businesses protect themselves?
Mistry says there are ways businesses can protect themselves. “If you’re buying a cloud service, then make sure that the person who you’re buying the service from is going to regularly maintain and update that platform,” he says.
For IoT devices, new regulations may help improve security. As reported by Tech Monitor, the Product Security and Telecommunications Infrastructure bill, introduced in the Queen’s Speech earlier this month, will mandate manufacturers to remove default passwords and commit to a certain amount of security updates. “Regulatory pressure could force IoT device manufacturers to put some security in,” Mistry says.