Microsoft uncovers savage new cyberattacks hitting Linux and IoT devices

Linux systems are being used for cryptomining

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Microsofthas uncovered instances of brute force hijacking affectingLinux-based IoT devices, and their resources are being used for cryptomining.

The type of attack, known as cryptojacking, has become more prevalent in recent years as attentions have turned to cryptocurrencies and the world’s economies have suffered. Attackers can rake in huge profits simply by targeting vulnerable systems.

The recent attack observed by Redmond’s analysts involves a combination of custom and open source tools to target Internet-facing, Linux-based systems, as well as other IoT devices.

Cryptojackers are targeting Linux and IoT devices

Microsoft explains: “the threat actors behind the attack use a backdoor that deploys a wide array of tools and components such as rootkits and an IRC bot to steal device resources for mining operations.”

These are the best ransomware protection tools around>Over a thousand Redis servers hijacked to mine crypto>Microsoft Exchange ProxyShell is being exploited to mine crypto once again

Access is gained in the first instance by brute forcing various credentials, at which point shell history is disabled, and a compromised OpenSSH archive releasesmalware.

The attack also uses a backdoor to eliminate competition from other cryptomining tools, including those sneakily deployed by rival cryptojackers, by monopolizing device resources and blocking a number of hosts and IPs related to mining.

Researchers have linked the attack to ‘cardingforum’ userasterzeu, who is believed to be behind a malware-as-a-service operation.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

It is thought that the Hiveon OS is the attacker’s primary target, which is a Linux distro specifically designed for cryptomining.

Even so, otheroperating systemsare at risk and Microsoft is urging potential victims to ensure that they have set up secure configurations for devices, to use least-privileges access, and to keep firmware and OpenSSH versions up-to-date when possible.

It’s also keen to push the likes of Microsoft Defender for IoT and Microsoft 365 Defender, but any combination ofendpoint protection softwarecan be considered.

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Washington state court systems taken offline following cyberattack

Is it still worth using Proton VPN Free?

Filming with an iPhone? A smart, AI-powered gimbal from Hohem can help