
FreakOut! Ongoing Botnet Attack Exploiting Recent Linux Vulnerabilities

January 20, 2021

An ongoing malware campaign has been found exploiting recently disclosed vulnerabilities in network-attached storage (NAS) devices running on Linux systems to co-opt the machines into an IRC botnet for launching distributed denial-of-service (DDoS) attacks and mining Monero cryptocurrency.

The attacks deploy a new malware variant called “FreakOut” by leveraging critical flaws fixed in Laminas Project (formerly Zend Framework) and Liferay Portal as well as an unpatched security weakness in TerraMaster, according to Check Point Research’s new analysis published today and shared with The Hacker News.

Attributing the malware to a long-time cybercrime hacker who has gone by the aliases Fl0urite and Freak on HackForums and Pastebin since at least 2015, the researchers said the flaws (CVE-2020-28188, CVE-2021-3007, and CVE-2020-7961) were weaponized to inject and execute malicious commands on the server.

Regardless of the vulnerabilities exploited, the end goal of the attacker appears to be to download and execute a Python script named “out.py” using Python 2, which reached end-of-life last year, implying that the threat actor is banking on the possibility that victim devices still have this deprecated version installed.

“The malware, downloaded from the site hxxp://gxbrowser[.]net, is an obfuscated Python script which contains polymorphic code, with the obfuscation changing each time the script is downloaded,” the researchers said, adding the first attack attempting to download the file was observed on January 8.
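The download stage described above leaves two observable signals: a fetch from the named host and a Python 2 interpreter running "out.py". The following is an added detection sketch, not code from Check Point or the article; the log format, host names and signal labels are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Indicators as published in the article (kept defanged at rest).
DOWNLOAD_HOST = "gxbrowser[.]net"
SCRIPT_NAME = "out.py"

BAD_HOST = DOWNLOAD_HOST.replace("[.]", ".").lower()
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# python / python2 / python2.x running out.py; python3 and checkout.py do not match.
PY2_EXEC_RE = re.compile(
    r"(?:^|[\s/'\"])python(?:2(?:\.\d+)?)?\s+(?:\S*/)?"
    + re.escape(SCRIPT_NAME) + r"(?![\w.])")

def host_is_indicator(host):
    """Exact host or a subdomain of it; lookalike names must not match."""
    host = (host or "").rstrip(".")
    return host == BAD_HOST or host.endswith("." + BAD_HOST)

def classify(line):
    """Return the download-stage signals present in one log line."""
    text = line.lower()
    signals = set()
    for url in URL_RE.findall(text):
        try:
            if host_is_indicator(urlsplit(url).hostname):
                signals.add("fetch-from-indicator-host")
        except ValueError:  # malformed URL in the log; skip it
            continue
    if PY2_EXEC_RE.search(text):
        signals.add("python2-runs-out.py")
    return signals

def triage(lines):
    """Group signals by the host field (2nd column of the constructed format)."""
    per_host = defaultdict(set)
    for line in lines:
        fields = line.split()
        if len(fields) >= 2:
            per_host[fields[1]] |= classify(line)
    return {h: s for h, s in per_host.items() if s}

# Constructed sample lines: "<timestamp> <host> <source> <message>"
SAMPLE_LOGS = [
    "2021-01-09T03:12:44Z nas01 proxy GET http://gxbrowser.net/out.py 200",
    "2021-01-09T03:12:45Z nas01 exec sh -c 'python2 out.py'",
    "2021-01-09T03:13:02Z web02 proxy GET https://gxbrowser.net.example.org/index.html 200",
    "2021-01-09T03:14:10Z web02 exec /usr/bin/python3 /opt/app/checkout.py",
    "2021-01-09T03:15:30Z nas03 proxy GET HTTP://CDN.GXBROWSER.NET/out.py 200",
]

if __name__ == "__main__":
    for host, signals in sorted(triage(SAMPLE_LOGS).items()):
        print(host, "HIGH" if len(signals) == 2 else "REVIEW", sorted(signals))
```

A host showing both signals (here the constructed `nas01`) is the stronger lead; a fetch without execution still warrants review.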

And indeed, three days later, cybersecurity firm F5 Labs warned of a series of attacks targeting NAS devices from TerraMaster (CVE-2020-28188) and Liferay CMS (CVE-2020-7961) in an attempt to spread the N3Cr0m0rPh IRC bot and a Monero cryptocurrency miner.

An IRC Botnet is a collection of machines infected with malware that can be controlled remotely via an IRC channel to execute malicious commands.

In FreakOut’s case, the compromised devices are configured to communicate with a hardcoded command-and-control (C2) server from where they receive command messages to execute.

The malware also comes with extensive capabilities that allow it to perform various tasks, including port scanning, information gathering, creation and sending of data packets, network sniffing, and DDoS and flooding.

Furthermore, the hosts can be commandeered as a part of a botnet operation for crypto-mining, spreading laterally across the network, and launching attacks on outside targets while masquerading as the victim company.

With hundreds of devices already infected within days of launching the attack, the researchers warn that FreakOut will ratchet up to higher levels in the near future.

For its part, TerraMaster is expected to patch the vulnerability in version 4.2.07. In the meantime, it’s recommended that users upgrade to Liferay Portal 7.2 CE GA2 (7.2.1) or later and laminas-http 2.14.2 to mitigate the risk associated with the flaws.

“What we have identified is a live and ongoing cyber attack campaign targeting specific Linux users,” said Adi Ikan, head of network cybersecurity Research at Check Point. “The attacker behind this campaign is very experienced in cybercrime and highly dangerous.”

“The fact that some of the vulnerabilities exploited were just published, provides us all a good example for highlighting the significance of securing your network on an ongoing basis with the latest patches and updates.”


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)
