CyberNews Briefs

Microsoft says this botnet is growing fast and hunting for servers with weak passwords

Microsoft has witnessed a 254% increase in activity of the botnet XorDDoS. XorDDoS is an eight-year-old network of infected Linux machines that is leveraged by threat actors to conduct distributed denial of service (DDoS) attacks against Linux users. The botnet conducts automated password-guessing attacks spanning thousands of Linux servers, seeking matching admin credentials utilized on Secure Shell servers. Secure Shell is a network communications protocol most frequently used for remote system administration.

Once credentials are identified, the dangerous botnet uses its new root privileges to install itself onto a Linux device. It then uses XOR-based encryption to communicate with the attacker’s command and control infrastructure. Microsoft stated that it is concerned about the other capabilities of the XorDDoS botnet as DDoS attacks become a serious threat to system availability and continue to grow in size each year. In addition, CrowdStrike reported that XorDDoS was one of the most active Linux-based malware families in 2021, capitalizing on the growth of Internet of Things devices.
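For defenders, the sequence described above (many failed SSH password attempts from one source, then a successful login) is visible in sshd logs. The following is an added example, not taken from Microsoft's report: it assumes OpenSSH's default "Failed password" / "Accepted password" syslog messages, and the sample lines, the function name and the threshold of 5 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample sshd lines (documentation IP ranges), not real telemetry.
SAMPLE_LOG = "\n".join(
    [f"May 20 10:00:{i:02d} web1 sshd[{2100 + i}]: Failed password for root "
     f"from 203.0.113.5 port {40000 + i} ssh2" for i in range(6)]
    + ["May 20 10:00:09 web1 sshd[2110]: Accepted password for root "
       "from 203.0.113.5 port 40010 ssh2"]
    + [f"May 20 10:01:{i:02d} web1 sshd[{2200 + i}]: Failed password for "
       f"invalid user admin from 198.51.100.7 port {41000 + i} ssh2"
       for i in range(5)]
    + ["May 20 10:02:00 web1 sshd[2300]: Failed password for alice "
       "from 192.0.2.10 port 42000 ssh2",
       "May 20 10:02:08 web1 sshd[2301]: Accepted password for alice "
       "from 192.0.2.10 port 42001 ssh2"]
)

# Matches OpenSSH password-auth results, including the "invalid user" variant.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def classify_sources(log_text, threshold=5):
    """Map source IP -> (verdict, user) for sources at or above `threshold`
    failed password attempts. A later accepted password from such a source
    upgrades the verdict to 'success_after_guessing' (highest priority)."""
    failures = defaultdict(int)
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a password-auth line
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            if failures[ip] >= threshold and ip not in findings:
                findings[ip] = ("guessing", None)
        elif failures[ip] >= threshold:
            # Accepted login after a burst of failures: treat as likely
            # credential compromise and investigate the host.
            findings[ip] = ("success_after_guessing", user)
    return findings

if __name__ == "__main__":
    for ip, (verdict, user) in classify_sources(SAMPLE_LOG).items():
        print(ip, verdict, user or "-")
```

A single mistyped password followed by a successful login, as with the constructed `alice` lines, stays below the threshold and is not flagged.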


OODA Analyst
