|By PR Newswire||
|September 3, 2014 06:30 AM EDT||
CAMBRIDGE, Mass., Sept. 3, 2014 /PRNewswire/ -- Akamai Technologies, Inc. (NASDAQ: AKAM), the leading provider of cloud services for delivering, optimizing and securing online content and business applications, today released, through the company's Prolexic Security Engineering & Research Team (PLXsert), a new cybersecurity threat advisory. The advisory alerts enterprises to a high-risk threat of IptabLes and IptabLex infections on Linux systems. Malicious actors may use infected Linux systems to launch distributed denial of service (DDoS) attacks against the entertainment industry and other verticals. The advisory is available for download from Prolexic (now part of Akamai) at www.prolexic.com/iptablex.
"We have traced one of the most significant DDoS attack campaigns of 2014 to infection by IptabLes and IptabLex malware on Linux systems," said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai. "This is a significant cybersecurity development because the Linux operating system has not typically been used in DDoS botnets. Malicious actors have taken advantage of known vulnerabilities in unpatched Linux software to launch DDoS attacks. Linux admins need to know about this threat to take action to protect their servers."
DDoS botnet threat to Linux systems
The mass infestation of IptabLes and IptabLex seems to have been driven by a large number of Linux-based web servers being compromised, mainly by exploits of Apache Struts, Tomcat and Elasticsearch vulnerabilities. Attackers have used the Linux vulnerabilities on unmaintained servers to gain access, escalate privileges to allow remote control of the machine, and then drop malicious code into the system and run it. As a result, a system could then be controlled remotely as part of a DDoS botnet.
A post-infection indication is a payload named .IptabLes or. IptabLex located in the /boot directory. These script files run the .IptabLes binary on reboot. The malware also contains a self-updating feature that causes the infected system to contact a remote host to download a file. In the lab environment, an infected system attempted to contact two IP addresses located in Asia.
Asia apparently a significant source of DDoS attacks
Command and control centers (C2, CC) for IptabLes and IptabLex are currently located in Asia. Infected systems were initially known to be in Asia; however, more recently many infections were observed on servers hosted in the U.S. and in other regions. In the past, most DDoS bot infections originated from Russia, but now Asia appears to be a significant source of DDoS development.
Prevention, detection and DDoS mitigation
Detecting and preventing an IptabLes or IptabLex infestation on Linux systems involves patching and hardening Linux servers and antivirus detection. In the threat advisory, PLXsert provides bash commands to clean an infected system.
DDoS mitigation for the target of a DDoS attacker who controls these infected bots may include rate-limiting DDoS mitigation techniques. In addition, PLXsert shares a YARA rule in the threat advisory to identify the ELF IptabLes payload used in an observed attack campaign.
The IptabLes and IptabLex botnet has produced significant DDoS attack campaigns for which target companies have sought expert DDoS protection. Akamai offers DDoS mitigation solutions to stop DDoS attacks launched from IptabLes and IptabLex bots.
PLXsert anticipates further infestation and the expansion of this DDoS botnet.
Get the IptabLes and IptabLex DDoS Bot Threat Advisory to learn more
In the advisory, PLXsert shares its analysis and details about IptabLes and IptabLex infections, including:
- Indicators of infection
- Analysis of the binary (ELF) associated with IptabLes and IptabLex infections
- Payload initialization, entrenchment and persistence
- Network code analysis
- Case study of a DDoS attack campaign
- How to hardening Linux servers against this threat
- Antivirus detection rates
- Bash commands to clean an infected system
- YARA rule to identify an ELF IptabLes payload
- DDoS mitigation techniques
A complimentary copy of the threat advisory is available for download at www.prolexic.com/iptablex.
Akamai® is the leading provider of cloud services for delivering, optimizing and securing online content and business applications. At the core of the Company's solutions is the Akamai Intelligent Platform™ providing extensive reach, coupled with unmatched reliability, security, visibility and expertise. Akamai removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud. To learn more about how Akamai is accelerating the pace of innovation in a hyperconnected world, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.
SOURCE Akamai Technologies, Inc.
Oct. 7, 2015 04:00 AM EDT Reads: 449
Oct. 7, 2015 03:30 AM EDT Reads: 454
Oct. 7, 2015 03:00 AM EDT Reads: 400
Oct. 7, 2015 03:00 AM EDT Reads: 366
Oct. 7, 2015 03:00 AM EDT Reads: 691
Oct. 7, 2015 02:45 AM EDT
Oct. 7, 2015 02:00 AM EDT Reads: 250
Oct. 7, 2015 02:00 AM EDT Reads: 586
Oct. 7, 2015 02:00 AM EDT Reads: 508
Oct. 7, 2015 01:15 AM EDT Reads: 505
Oct. 7, 2015 12:45 AM EDT Reads: 127
Oct. 7, 2015 12:00 AM EDT Reads: 504
Oct. 6, 2015 10:00 PM EDT Reads: 660
In his session at @ThingsExpo, Tony Shan, Chief Architect at CTS, will explore the synergy of Big Data and IoT. First he will take a closer look at the Internet of Things and Big Data individually, in terms of what, which, why, where, when, who, how and how much. Then he will explore the relationship between IoT and Big Data. Specifically, he will drill down to how the 4Vs aspects intersect with IoT: Volume, Variety, Velocity and Value. In turn, Tony will analyze how the key components of IoT ...
Oct. 6, 2015 08:00 PM EDT Reads: 313
When it comes to IoT in the enterprise, namely the commercial building and hospitality markets, a benefit not getting the attention it deserves is energy efficiency, and IoT’s direct impact on a cleaner, greener environment when installed in smart buildings. Until now clean technology was offered piecemeal and led with point solutions that require significant systems integration to orchestrate and deploy. There didn't exist a 'top down' approach that can manage and monitor the way a Smart Buildi...
Oct. 6, 2015 05:00 PM EDT Reads: 257