Microsoft has observed a 254% increase in the activity of the XorDDoS botnet. XorDDoS is an eight-year-old network of infected Linux machines that threat actors use to launch distributed denial of service (DDoS) attacks. The botnet spreads by running automated password-guessing attacks against thousands of Linux servers, looking for valid administrator credentials on their Secure Shell (SSH) services. SSH is the network protocol most commonly used for remote administration of Linux systems.
Once working credentials are found, the botnet uses the root access they grant to install itself on the Linux device; the practical defense is to disable password-based and root logins in sshd and rely on key-based authentication. The malware then communicates with the attacker's command and control infrastructure using XOR-based encryption, which is where its name comes from. Microsoft said it is concerned about the botnet's capabilities beyond DDoS, at a time when DDoS attacks already pose a serious threat to system availability and continue to grow in size every year. CrowdStrike likewise reported that XorDDoS was one of the most active Linux-based malware families of 2021, capitalizing on the growth of Internet of Things (IoT) devices.
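The infection chain described above starts with SSH password guessing that eventually succeeds, and that sequence is visible in the sshd authentication log. The following is an added detection example, not code from Microsoft, CrowdStrike or the XorDDoS authors: it parses standard sshd syslog lines and flags a password-based login that follows a run of failures from the same source IP, reporting root logins as critical. The log lines are constructed for the example, and the failure threshold (3 by default) is an assumed tuning value.

```python
import re
from collections import defaultdict

# Matches the sshd "Failed password" / "Accepted password|publickey" lines
# written by OpenSSH to auth.log / the journal.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>password|publickey) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

# Constructed sample sshd log lines (syslog format); not real telemetry.
# 203.0.113.7 guesses root's password five times and then gets in,
# 192.0.2.9 guesses nonexistent users and gives up,
# 198.51.100.4 is a legitimate user with one typo and one key login.
SAMPLE_AUTH_LOG = """\
May 19 10:01:02 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 51022 ssh2
May 19 10:01:03 web1 sshd[2203]: Failed password for root from 203.0.113.7 port 51024 ssh2
May 19 10:01:04 web1 sshd[2205]: Failed password for root from 203.0.113.7 port 51026 ssh2
May 19 10:01:05 web1 sshd[2207]: Failed password for root from 203.0.113.7 port 51028 ssh2
May 19 10:01:06 web1 sshd[2209]: Failed password for root from 203.0.113.7 port 51030 ssh2
May 19 10:01:09 web1 sshd[2215]: Accepted password for root from 203.0.113.7 port 51040 ssh2
May 19 10:05:00 web1 sshd[2300]: Accepted publickey for alice from 198.51.100.4 port 40000 ssh2
May 19 10:06:00 web1 sshd[2310]: Failed password for invalid user admin from 192.0.2.9 port 33001 ssh2
May 19 10:06:01 web1 sshd[2312]: Failed password for invalid user test from 192.0.2.9 port 33003 ssh2
May 19 10:06:02 web1 sshd[2314]: Failed password for invalid user oracle from 192.0.2.9 port 33005 ssh2
May 19 10:07:00 web1 sshd[2320]: Failed password for bob from 198.51.100.4 port 40010 ssh2
May 19 10:07:05 web1 sshd[2322]: Accepted password for bob from 198.51.100.4 port 40012 ssh2
"""


def parse_auth_events(text):
    """Yield (result, method, user, ip) for each sshd authentication line."""
    for line in text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            yield m.group("result"), m.group("method"), m.group("user"), m.group("ip")


def find_password_guessing(text, threshold=3):
    """Flag password logins preceded by >= threshold failures from the same IP.

    Returns (alerts, noisy_sources): alerts lists each guess-then-succeed event;
    noisy_sources maps IPs that are still failing at or above the threshold,
    so they can be blocked before a guess lands. The threshold is an assumed
    tuning value; key-based logins are never counted.
    """
    failures_by_ip = defaultdict(int)
    users_tried_by_ip = defaultdict(set)
    alerts = []
    for result, method, user, ip in parse_auth_events(text):
        if result == "Failed" and method == "password":
            failures_by_ip[ip] += 1
            users_tried_by_ip[ip].add(user)
        elif result == "Accepted" and method == "password" and failures_by_ip[ip] >= threshold:
            alerts.append({
                "ip": ip,
                "user": user,
                "failures_before_success": failures_by_ip[ip],
                "users_tried": sorted(users_tried_by_ip[ip]),
                # A root login after a guessing run is exactly the XorDDoS pattern.
                "severity": "critical" if user == "root" else "high",
            })
            failures_by_ip[ip] = 0  # reset so a later success is not double counted
            users_tried_by_ip[ip].clear()
    noisy_sources = {ip: n for ip, n in failures_by_ip.items() if n >= threshold}
    return alerts, noisy_sources


if __name__ == "__main__":
    found, noisy = find_password_guessing(SAMPLE_AUTH_LOG)
    for alert in found:
        print(f"[{alert['severity']}] {alert['ip']} logged in as {alert['user']} "
              f"after {alert['failures_before_success']} failed guesses")
    for ip, count in noisy.items():
        print(f"[block] {ip}: {count} failed password attempts, no success yet")
```

Running the script flags 203.0.113.7 as critical and lists 192.0.2.9 as a source to block, while bob's single mistyped password on 198.51.100.4 is ignored. In production the same logic would be fed from `journalctl -u ssh` or `/var/log/auth.log` and the threshold tuned to the host's normal traffic.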
Read More: Microsoft says this botnet is growing fast and hunting for servers with weak passwords