Microsoft uncovers savage new cyberattacks hitting Linux and IoT devices

News
By Craig Hale
published

Linux systems are being used for cryptomining

Crypto mining
Kryptovaluuttojen louhinta on tehokkainta oikeilla komponenteilla. (Image credit: Shutterstock / Yevhen Vitte)

Microsoft has uncovered instances of brute force hijacking affecting Linux-based IoT devices, and their resources are being used for cryptomining.

The type of attack, known as cryptojacking, has become more prevalent in recent years as attentions have turned to cryptocurrencies and the world’s economies have suffered. Attackers can rake in huge profits simply by targeting vulnerable systems.

The recent attack observed by Redmond’s analysts involves a combination of custom and open source tools to target Internet-facing, Linux-based systems, as well as other IoT devices.

Cryptojackers are targeting Linux and IoT devices

Microsoft explains: “the threat actors behind the attack use a backdoor that deploys a wide array of tools and components such as rootkits and an IRC bot to steal device resources for mining operations.”

Read more

> These are the best ransomware protection tools around

> Over a thousand Redis servers hijacked to mine crypto

> Microsoft Exchange ProxyShell is being exploited to mine crypto once again

Access is gained in the first instance by brute forcing various credentials, at which point shell history is disabled, and a compromised OpenSSH archive releases malware.

The attack also uses a backdoor to eliminate competition from other cryptomining tools, including those sneakily deployed by rival cryptojackers, by monopolizing device resources and blocking a number of hosts and IPs related to mining.

Researchers have linked the attack to ‘cardingforum’ user asterzeu, who is believed to be behind a malware-as-a-service operation. 

It is thought that the Hiveon OS is the attacker’s primary target, which is a Linux distro specifically designed for cryptomining.

Even so, other operating systems are at risk and Microsoft is urging potential victims to ensure that they have set up secure configurations for devices, to use least-privileges access, and to keep firmware and OpenSSH versions up-to-date when possible.

It’s also keen to push the likes of Microsoft Defender for IoT and Microsoft 365 Defender, but any combination of endpoint protection software can be considered.

Craig Hale
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!