FreakOut Botnet Targets Linux- Experts Offer Perspective


Security Experts | Informationsecuritybuzz.com

Researchers with Check Point have reported a FreakOut botnet that has targeted vulnerabilities in Linux systems. The IRC botnet can be used for DDoS attacks as well as crypto-mining. The attacks are aimed at devices that run one of the following:

  • TerraMaster TOS (TerraMaster Operating System) – the operating system used for managing TerraMaster NAS (Network Attached Storage) servers
  • Zend Framework – a collection of packages used in building web applications and services using PHP, with more than 570 million installations
  • Liferay Portal – a free, open-source enterprise portal. It is a web application platform written in Java that offers features relevant for the development of portals and websites

EXPERTS COMMENTS
| January 20, 2021

Saryu Nayyar, CEO, Gurucul

Identifying an infection should be relatively straightforward using network monitoring or security analytics tools provided they are in place.

Historically, Linux systems have been reasonably secure and received patches quickly when a vulnerability comes to light. Unfortunately, Linux and Windows share the same problem in that applications that run on those platforms may not be patched as quickly as the underlying OS. The recent FreakOut botnet attack targets multiple recent application vulnerabilities that may not yet be patched on production systems. Fortunately, the botnet is still quite small and relies on Internet Relay Chat (IRC) for command and control. That means that identifying an infection should be relatively straightforward using network monitoring or security analytics tools provided they are in place.
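
One way to implement the network-monitoring check described in the comment above, as an added example that is not part of the original article or of Check Point's report: it flags outbound connections from servers whose first bytes contain an IRC client registration (NICK and USER, per RFC 1459/2812), on any port. The flow record layout, addresses, nicknames and function names are constructed for illustration.

```python
import re

# IRC client messages (RFC 1459/2812): optional ":prefix ", a command, parameters.
IRC_LINE = re.compile(rb"^(?::\S+ )?([A-Za-z]+)(?: .*)?$")
REGISTRATION = {b"NICK", b"USER"}  # both are sent by a client when it connects
CLIENT_CMDS = REGISTRATION | {b"PASS", b"CAP", b"JOIN", b"PRIVMSG", b"PONG", b"MODE"}

def irc_commands(payload: bytes) -> list[bytes]:
    """Return the IRC commands found in the first bytes of a client-to-server stream."""
    cmds = []
    for line in payload.replace(b"\r\n", b"\n").split(b"\n"):
        m = IRC_LINE.match(line)
        if m and m.group(1).upper() in CLIENT_CMDS:
            cmds.append(m.group(1).upper())
    return cmds

def looks_like_irc_client(payload: bytes) -> bool:
    """True when the stream contains the NICK + USER registration pair."""
    return REGISTRATION <= set(irc_commands(payload))

def suspicious_flows(flows, servers, approved_irc=frozenset()):
    """Outbound IRC sessions started by hosts in `servers`, whatever the port."""
    hits = []
    for f in flows:
        if (f["src"] in servers and f["dst"] not in approved_irc
                and looks_like_irc_client(f["payload"])):
            hits.append((f["src"], f["dst"], f["dport"]))
    return hits

# Constructed sample flows (documentation address ranges, made-up nicknames).
SAMPLE_FLOWS = [
    {"src": "10.0.5.20", "dst": "203.0.113.7", "dport": 6667,
     "payload": b"NICK host1234\r\nUSER host1234 0 * :host1234\r\nJOIN #chan\r\n"},
    {"src": "10.0.5.21", "dst": "198.51.100.9", "dport": 8080,  # IRC on a web port
     "payload": b"NICK nas77\nUSER nas77 0 * :nas77\n"},
    {"src": "10.0.5.20", "dst": "192.0.2.10", "dport": 80,      # ordinary HTTP
     "payload": b"GET /user/profile HTTP/1.1\r\nHost: example.com\r\n\r\n"},
    {"src": "10.0.9.99", "dst": "203.0.113.7", "dport": 6667,   # not a monitored server
     "payload": b"NICK alice\r\nUSER alice 0 * :Alice\r\n"},
]
SERVERS = {"10.0.5.20", "10.0.5.21"}  # constructed list of NAS / web servers

if __name__ == "__main__":
    for src, dst, dport in suspicious_flows(SAMPLE_FLOWS, SERVERS):
        print(f"outbound IRC registration: {src} -> {dst}:{dport}")
```

Matching on the protocol handshake rather than on port 6667 keeps the check useful when the IRC server listens on a non-standard port; TLS-wrapped IRC would not be visible to it.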

 

| January 20, 2021

Craig Young, Principal Security Researcher, Tripwire

From my perspective, the real risk from this type of malware is from attackers with physical access to a device.

The commoditization of malware has absolutely lowered the bar for those looking to snoop or steal but it does not considerably affect defense strategies for general cybercrime. Keeping software up to date, not installing apps from untrusted sources, and leaving Google Play Protect enabled will catch most if not all commercial malware.

From my perspective, the real risk from this type of malware is from attackers with physical access to a device who can potentially disable security features to install a backdoor. Domestic abusers can use these tools to cause excessive damage, and it can be incredibly difficult for their victims to recognize and respond to a compromised device.

 
