Microsoft has uncovered instances of brute force hijacking affecting Linux-based IoT devices, and their resources are being used for cryptomining.
The type of attack, known as cryptojacking, has become more prevalent in recent years as attentions have turned to cryptocurrencies and the world’s economies have suffered. Attackers can rake in huge profits simply by targeting vulnerable systems.
The recent attack observed by Redmond’s analysts involves a combination of custom and open source tools to target Internet-facing, Linux-based systems, as well as other IoT devices.
Cryptojackers are targeting Linux and IoT devices
Microsoft explains: “the threat actors behind the attack use a backdoor that deploys a wide array of tools and components such as rootkits and an IRC bot to steal device resources for mining operations.”
Access is gained in the first instance by brute forcing various credentials, at which point shell history is disabled, and a compromised OpenSSH archive releases malware.
The attack also uses a backdoor to eliminate competition from other cryptomining tools, including those sneakily deployed by rival cryptojackers, by monopolizing device resources and blocking a number of hosts and IPs related to mining.
Researchers have linked the attack to ‘cardingforum’ user asterzeu, who is believed to be behind a malware-as-a-service operation.
It is thought that the Hiveon OS is the attacker’s primary target, which is a Linux distro specifically designed for cryptomining.
Even so, other operating systems are at risk and Microsoft is urging potential victims to ensure that they have set up secure configurations for devices, to use least-privileges access, and to keep firmware and OpenSSH versions up-to-date when possible.
It’s also keen to push the likes of Microsoft Defender for IoT and Microsoft 365 Defender, but any combination of endpoint protection software can be considered.