Chapter 5: Decoding Linux’s Evolving Threat Landscape: Supply Chains, Proxyjacking, and Zero-Days


In Q4 of 2023, the Linux threat landscape displayed noteworthy developments, particularly in supply-chain attacks.


Supply-Chain Attack on ‘Ledger dApp Connect Kit’ Library

A significant incident unfolded with a supply-chain attack on the ‘Ledger dApp Connect Kit’ library. Attackers injected malicious code into the library, allowing them to pilfer $600,000 in cryptocurrency and NFTs from wallets linked to compromised dApps.

This attack underscores the increasing sophistication of threats targeting Linux environments, especially in the context of cryptocurrency.


Rise in Proxyjacking and DDoS Attacks

Linux and macOS devices have become prime targets for proxyjacking, in which attackers sell access to compromised devices as network proxies. These devices are also being weaponized for Distributed Denial of Service (DDoS) attacks.


Surge in Attacks on IoT Devices

IoT devices, known for weaker security measures and widespread global use, have experienced a significant upswing in attacks, reportedly witnessing a ten-fold increase.

The prevalence and diverse architectures of IoT devices, many of which do not run on x86, add complexity to the analysis of malware targeting them. Emulation can aid analysis, but it is not universally supported and its effectiveness is uncertain.


Zero-Day Vulnerabilities and the Emergence of ‘InfectedSlurs’

Zero-day vulnerabilities remain a substantial threat in Linux environments. An illustrative example is the emergence of ‘InfectedSlurs,’ a new Mirai-based botnet malware that exploited two zero-day remote code execution (RCE) vulnerabilities to compromise network video recorders (NVRs) and routers. ‘InfectedSlurs’ harnessed these devices by integrating them into a DDoS swarm, presumably for profit.