XorDdos Malware Spike in May
Table of Contents
- By Patrick Ryan
- May 26, 2022
Those who pay attention to malware attacks have noted a considerable uptick in the number of XorDdos Linux attacks. XorDdos has developed a reputation for using attacks characterized as secure with shell brute force.
XorDdos is a component of an emerging trend in which Linux operating systems are targeted. Microsoft has documented a hike in activity greater than 250% in the past half-year alone, stemming from XorDdos attacks alone.
What is XorDdos?
XorDdos is best described as a Trojan used to target Linux operating systems, conducting distributed denial of service attacks. The attack is also famous for its shell brute force strategy in which it obtains remote control of the targeted computer or other devices.
XorDdos was initially identified by the digital security specialists MalwareMustDie. The attack was named in honor of its famous denial of service attacks that zeroed in on Linux endpoints, including servers and the use of XOR encryption for communications. XorDdos is emblematic of malware zeroing in on Linux-based operating systems, deployed through the cloud, and implemented by way of the Internet of Things or IoT for short. The intrusion into IoT, along with other devices connected to the web, sets the stage for XorDdos to build up botnets to execute its signature DDoS attacks.
When did XOR First Appear?
XOR made its debut in 2014. Originally called “XOR.DDoS,” XOR was likely created in China. The malware for Linux is primarily focused on DDoS attacks, targeting other machines with the use of network communication overloads and malware in unison. The targeted servers transmit instructions to compromised systems, ultimately serving as bots within an overarching botnet that strengthen the attack all the more.
Can the Attack be Stopped?
Indeed, it can. According to Microsoft, the software giant stopped a 2.4 Tbps DDoS attack in the summer of 2021. The traffic emanating from the attack started in more than 70,000 sources spanning nations from the United States to Japan, Taiwan, China, Vietnam, and beyond.
The attack was mitigated in those source countries, failing to reach its intended target. DDoS attacks are especially problematic as they can be used to conceal other nefarious activities, including the infiltration of targeted systems and the use of malware.
Rewind to February of 2021, and Microsoft had turned to its blog to shine the spotlight on digital security trends from the year gone by. In this blog post, the software powerhouse noted that DDoS attacks had increased by more than 50% on a year-over-year basis. The content also pointed out that the DDoS traffic had expanded both in terms of volume and complexity.
All in all, the software giant states it mitigated more than 500 multi-vector offensives on Azure per day every single year. DDoS attacks became much easier to launch as work shifted away from corporate buildings and into the home during the pandemic simply because the digital miscreants behind such attacks did not have to generate nearly as much online traffic to compromise the targeted servers. The takeaway from the rise of this rehashed version of malware is that now is the optimal time to upgrade your digital defenses.