News Feed Item
Akamai Warns of IptabLes and IptabLex Infection on Linux, DDoS attacks
Linux systems infiltrated and controlled in a DDoS botnet
|By PR Newswire
|September 3, 2014 06:30 AM EDT
CAMBRIDGE, Mass., Sept. 3, 2014 /PRNewswire/ -- Akamai Technologies, Inc. (NASDAQ: AKAM), the leading provider of cloud services for delivering, optimizing and securing online content and business applications, today released, through the company's Prolexic Security Engineering & Research Team (PLXsert), a new cybersecurity threat advisory. The advisory alerts enterprises to a high-risk threat of IptabLes and IptabLex infections on Linux systems. Malicious actors may use infected Linux systems to launch distributed denial of service (DDoS) attacks against the entertainment industry and other verticals. The advisory is available for download from Prolexic (now part of Akamai) at www.prolexic.com/iptablex.
"We have traced one of the most significant DDoS attack campaigns of 2014 to infection by IptabLes and IptabLex malware on Linux systems," said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai. "This is a significant cybersecurity development because the Linux operating system has not typically been used in DDoS botnets. Malicious actors have taken advantage of known vulnerabilities in unpatched Linux software to launch DDoS attacks. Linux admins need to know about this threat to take action to protect their servers."
DDoS botnet threat to Linux systems
The mass infestation of IptabLes and IptabLex seems to have been driven by a large number of Linux-based web servers being compromised, mainly by exploits of Apache Struts, Tomcat and Elasticsearch vulnerabilities. Attackers have used the Linux vulnerabilities on unmaintained servers to gain access, escalate privileges to allow remote control of the machine, and then drop malicious code into the system and run it. As a result, a system could then be controlled remotely as part of a DDoS botnet.
A post-infection indication is a payload named .IptabLes or. IptabLex located in the /boot directory. These script files run the .IptabLes binary on reboot. The malware also contains a self-updating feature that causes the infected system to contact a remote host to download a file. In the lab environment, an infected system attempted to contact two IP addresses located in Asia.
Asia apparently a significant source of DDoS attacks
Command and control centers (C2, CC) for IptabLes and IptabLex are currently located in Asia. Infected systems were initially known to be in Asia; however, more recently many infections were observed on servers hosted in the U.S. and in other regions. In the past, most DDoS bot infections originated from Russia, but now Asia appears to be a significant source of DDoS development.
Prevention, detection and DDoS mitigation
Detecting and preventing an IptabLes or IptabLex infestation on Linux systems involves patching and hardening Linux servers and antivirus detection. In the threat advisory, PLXsert provides bash commands to clean an infected system.
DDoS mitigation for the target of a DDoS attacker who controls these infected bots may include rate-limiting DDoS mitigation techniques. In addition, PLXsert shares a YARA rule in the threat advisory to identify the ELF IptabLes payload used in an observed attack campaign.
The IptabLes and IptabLex botnet has produced significant DDoS attack campaigns for which target companies have sought expert DDoS protection. Akamai offers DDoS mitigation solutions to stop DDoS attacks launched from IptabLes and IptabLex bots.
PLXsert anticipates further infestation and the expansion of this DDoS botnet.
Get the IptabLes and IptabLex DDoS Bot Threat Advisory to learn more
In the advisory, PLXsert shares its analysis and details about IptabLes and IptabLex infections, including:
- Indicators of infection
- Analysis of the binary (ELF) associated with IptabLes and IptabLex infections
- Payload initialization, entrenchment and persistence
- Network code analysis
- Case study of a DDoS attack campaign
- How to hardening Linux servers against this threat
- Antivirus detection rates
- Bash commands to clean an infected system
- YARA rule to identify an ELF IptabLes payload
- DDoS mitigation techniques
A complimentary copy of the threat advisory is available for download at www.prolexic.com/iptablex.
Akamai® is the leading provider of cloud services for delivering, optimizing and securing online content and business applications. At the core of the Company's solutions is the Akamai Intelligent Platform™ providing extensive reach, coupled with unmatched reliability, security, visibility and expertise. Akamai removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud. To learn more about how Akamai is accelerating the pace of innovation in a hyperconnected world, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.
Logo - http://photos.prnewswire.com/prnh/20100225/AKAMAILOGO
SOURCE Akamai Technologies, Inc.
Traditional on-premises data centers have long been the domain of modern data platforms like Apache Hadoop, meaning companies who build their business on public cloud were challenged to run Big Data processing and analytics at scale. But recent advancements in Hadoop performance, security, and most importantly cloud-native integrations, are giving organizations the ability to truly gain value from all their data.
In his session at 19th Cloud Expo, David Tishgart, Director of Product Marketing ...
Sep. 25, 2016 05:00 PM EDT Reads: 1,719
SYS-CON Events announced today that Bsquare has been named “Silver Sponsor” of SYS-CON's @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
For more than two decades, Bsquare has helped its customers extract business value from a broad array of physical assets by making them intelligent, connecting them, and using the data they generate to optimize business processes.
Sep. 25, 2016 04:15 PM EDT Reads: 2,529
SYS-CON Events announced today that Commvault, a global leader in enterprise data protection and information management, has been named “Bronze Sponsor” of SYS-CON's 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Commvault is a leading provider of data protection and information management solutions, helping companies worldwide activate their data to drive more value and business insight and to transform moder...
Sep. 25, 2016 03:45 PM EDT Reads: 2,346
DevOps at Cloud Expo – being held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open.
Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Am...
Sep. 25, 2016 03:15 PM EDT Reads: 4,380
Almost two-thirds of companies either have or soon will have IoT as the backbone of their business in 2016. However, IoT is far more complex than most firms expected. How can you not get trapped in the pitfalls?
In his session at @ThingsExpo, Tony Shan, a renowned visionary and thought leader, will introduce a holistic method of IoTification, which is the process of IoTifying the existing technology and business models to adopt and leverage IoT. He will drill down to the components in this fra...
Sep. 25, 2016 03:00 PM EDT Reads: 1,566
The vision of a connected smart home is becoming reality with the application of integrated wireless technologies in devices and appliances. The use of standardized and TCP/IP networked wireless technologies in line-powered and battery operated sensors and controls has led to the adoption of radios in the 2.4GHz band, including Wi-Fi, BT/BLE and 802.15.4 applied ZigBee and Thread. This is driving the need for robust wireless coexistence for multiple radios to ensure throughput performance and th...
Sep. 25, 2016 02:30 PM EDT Reads: 1,508
SYS-CON Events announced today that Pulzze Systems will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Pulzze Systems, Inc. provides infrastructure products for the Internet of Things to enable any connected device and system to carry out matched operations without programming.
For more information, visit http://www.pulzzesystems.com.
Sep. 25, 2016 02:15 PM EDT Reads: 1,795
Enterprise IT has been in the era of Hybrid Cloud for some time now. But it seems most conversations about Hybrid are focused on integrating AWS, Microsoft Azure, or Google ECM into existing on-premises systems. Where is all the Private Cloud? What do technology providers need to do to make their offerings more compelling? How should enterprise IT executives and buyers define their focus, needs, and roadmap, and communicate that clearly to the providers?
Sep. 25, 2016 02:00 PM EDT Reads: 1,513
SYS-CON Events announced today the Kubernetes and Google Container Engine Workshop, being held November 3, 2016, in conjunction with @DevOpsSummit at 19th Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA.
This workshop led by Sebastian Scheele introduces participants to Kubernetes and Google Container Engine (GKE). Through a combination of instructor-led presentations, demonstrations, and hands-on labs, students learn the key concepts and practices for deploying and maintainin...
Sep. 25, 2016 02:00 PM EDT Reads: 2,598
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
Sep. 25, 2016 01:00 PM EDT Reads: 825
There is little doubt that Big Data solutions will have an increasing role in the Enterprise IT mainstream over time. Big Data at Cloud Expo - to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA - has announced its Call for Papers is open.
Cloud computing is being adopted in one form or another by 94% of enterprises today. Tens of billions of new devices are being connected to The Internet of Things. And Big Data is driving this bus. An exponential increase is...
Sep. 25, 2016 12:45 PM EDT Reads: 2,441
DevOps at Cloud Expo, taking place Nov 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world.
The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long dev...
Sep. 25, 2016 12:15 PM EDT Reads: 3,377
Digital innovation is the next big wave of business transformation based on digital technologies of which IoT and Big Data are key components, For example:
Business boundary innovation is a challenge to excavate third-party business value using IoT and BigData, like Nest
Business structure innovation may propose re-building business structure from scratch, as Uber does in the taxicab industry
The social model innovation is also a big challenge to the new social architecture with the design fr...
Sep. 25, 2016 12:15 PM EDT Reads: 1,100
Data is an unusual currency; it is not restricted by the same transactional limitations as money or people. In fact, the more that you leverage your data across multiple business use cases, the more valuable it becomes to the organization. And the same can be said about the organization’s analytics.
In his session at 19th Cloud Expo, Bill Schmarzo, CTO for the Big Data Practice at EMC, will introduce a methodology for capturing, enriching and sharing data (and analytics) across the organizati...
Sep. 25, 2016 11:45 AM EDT Reads: 1,645
IoT is fundamentally transforming the auto industry, turning the vehicle into a hub for connected services, including safety, infotainment and usage-based insurance. Auto manufacturers – and businesses across all verticals – have built an entire ecosystem around the Connected Car, creating new customer touch points and revenue streams.
In his session at @ThingsExpo, Macario Namie, Head of IoT Strategy at Cisco Jasper, will share real-world examples of how IoT transforms the car from a static p...
Sep. 25, 2016 11:30 AM EDT Reads: 1,511