Fileless malware eating computing power of Linux Servers

Cybersecurity Insiders

In what appears to be a groundbreaking event in the realm of cybersecurity, thousands of Linux servers around the globe are currently facing an unprecedented threat from a sophisticated dropper. This malicious software is reportedly being utilized to install proxyjacking and cryptomining malware, marking a significant shift in the focus of cybercriminals.

The victims primarily hail from Western countries such as the United States, the United Kingdom, Canada, and Germany, with additional reports emerging from nations including China, Russia, South Korea, and Indonesia. The fundamental strategy employed by the attackers is straightforward: they exploit the computing power of compromised Linux servers to mine cryptocurrencies, particularly Bitcoin.

Hackers are increasingly taking advantage of various vulnerabilities and misconfigurations within these systems to gain unauthorized access. Once inside the network, they deploy a payload known as Perfctl, also referred to as Perfcc, which serves as a gateway for the subsequent installation of mining malware.

Historically, cybercriminal activity has predominantly targeted Windows machines, which were viewed as more vulnerable. However, this recent trend indicates a notable pivot towards Linux systems, which have typically been considered more secure in many scenarios.

To combat this emerging threat, several proactive measures can be implemented. These include patching known vulnerabilities, restricting unnecessary file executions, disabling unused services, enabling network segmentation, deploying runtime protection mechanisms, and instituting strict privilege management protocols. Together, these tactics can help thwart fileless malware attacks and enhance overall system security.

For those unfamiliar with the capabilities of such malware, it’s essential to understand its operation. Typically, this type of malware resides silently within computing systems, utilizing the machine’s resources without the knowledge or consent of the system administrator to generate cryptocurrency. In the case of proxyjacking, attackers leverage both the unused bandwidth of the compromised systems and their processing power to extract financial gain from virtual nodes, thereby evolving into a distinct form of cybercrime.

As the threat landscape continues to evolve, it is crucial for organizations and individuals to remain vigilant and take necessary precautions to protect their systems against these increasingly sophisticated attacks.

Ad
Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display