naxtell.blogg.se

Cobalt strike beacon











Researchers have discovered a new Linux version of the often abused red-team Windows hacking tool Cobalt Strike Beacon that was coded from scratch and has so far eluded all VirusTotal antivirus detections. Dubbed Vermilion Strike, the ELF-formatted malware follows in the footsteps of geacon, an open-source Golang-based version of Beacon.

According to researchers at Intezer, the firm that uncovered Vermilion Strike, security professionals are likely to see more Linux-friendly versions of hacking tools and services as malicious developers rapidly respond to the trend of organizations migrating to cloud-based services and environments. That’s especially true as infosec teams struggle to detect such threats due to an overemphasis on Windows malware, a lack of effective solutions for protecting data centers, and the immaturity of sandboxes.

“The need to create malware for Linux is becoming an increasing necessity for cybercriminals,” Intezer security researcher Ryan Robinson told SC Media. “Data, operations, applications are all being hosted on the cloud now as opposed to desktop computers. This change means that cybercriminals need to modify their toolsets to operate within this Linux-dominated environment.”

Moreover, the idea of conducting Linux-based attacks against data centers is especially alluring, said Brian Baskin, manager of threat research at VMware. “Instead of infecting employee's system and hoping to navigate to a high-value target, they are targeting the entirety of systems within an organization. A single compromised server can impact hundreds of endpoints at once,” he explained.

Developers who already have the source code for the Windows version of a weaponized tool or malware program can more easily pivot to creating a Linux version because “a lot of the logic involved can stay the same and the only parts that need to be changed are those that interact with the operating system directly,” Robinson added. “This reduces the development time instead of having to write malware from scratch.”

For good measure, the creators of Vermilion Strike also created their own Windows-based re-implementation of the tool.

A lack of effective solutions for protecting data centers is one reason infosec professionals struggle to detect Linux-based threats. The CERN Computer/Data Centre and server farm, as seen during a behind the scenes tour at CERN. (Photo by Dean Mouhtaropoulos/Getty Images)












