
Expert Comments from AccessData on the Mayhem Botnet Malware

Published Oct 20, 2014

One of the latest cyber attacks making headlines across the world is the ‘Mayhem’ botnet malware, which targets web servers that haven't been patched for the recent vulnerabilities found in the Bash Linux shell. (http://www.computerworld.in/news/linux-botnet-mayhem-spreads-through-shellshock-exploits)

Lucas Zaichkowsky, Enterprise Defense Architect at AccessData, provides enterprises with insight into Mayhem and recommendations on how they can protect themselves.

Q: Why should enterprises be worried about the Mayhem botnet malware being adjusted to take advantage of Shellshock?

A: Externally facing servers vulnerable to the Shellshock exploit kit will become infected with Mayhem, providing the attacker with several functions they can use to steal sensitive information such as passwords, users’ personal information, and credit card data. Additionally, infected servers can then be used to scan internal systems, enabling the attacker to quickly move laterally, dropping other backdoors that will ensure they have persistent access and steal from internal systems. In a targeted attack scenario, attackers will move quickly to steal privileged user accounts and progress through the internal network. For example, they might use Shellshock to compromise a web server that isn’t considered sensitive, but they will use that as the source of their initial hacking activity, already behind perimeter defenses.

Q: What steps can organizations take to ensure their Linux machines aren’t affected by the attack?

A: Companies should immediately set up network intrusion detection systems to detect attacks and enable logging that would allow them to record exploitation. That will allow them to know if they’ve been attacked. After that, they should scan everything exposed to the internet for this vulnerability, then apply mitigating controls or patches. After that, they should waste no time scanning internal systems for vulnerable software. It’s trivial for attackers to gain entry to an internal system, at which point vulnerable internal systems could be exploited.

Q: Do you think malware writers are more likely to adjust existing attacks to take advantage of Shellshock or to write entirely new pieces of malware?

A: We’ll see existing hacking tools, Trojans, and botnets like Mayhem exploiting Shellshock. There will also be point-and-click hacking tools written for this exploit that attackers will use in targeted attacks. Once exploited, they’ll drop customized hacking and remote admin tools, similar to a burglar carrying a backpack of equipment through an unlocked window.




Posted by VMD - [Virtual Marketing Department]
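
The second answer above recommends logging that records exploitation. As an added example (not part of the original article and not AccessData tooling), this sketch shows one way to review web server access logs for the Bash function-definition marker that Shellshock attempts place in request fields. It assumes Apache/nginx "combined" log format; the sample lines are constructed, using documentation IP ranges and placeholder commands.

```python
import re
from urllib.parse import unquote

# Assumed "combined" format: ip - user [time] "request" status bytes "referer" "user-agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)
# Bash function-definition prefix "() {", allowing optional whitespace.
MARKER = re.compile(r'\(\)\s*\{')

def find_shellshock_attempts(lines):
    """Return (ip, time, field) for each logged field carrying the marker."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not combined format; skip rather than guess
        for field in ("request", "referer", "agent"):
            value = unquote(m.group(field))  # also catches %28%29%20%7B
            if MARKER.search(value):
                hits.append((m.group("ip"), m.group("time"), field))
    return hits

# Constructed sample lines, not taken from a real incident.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Oct/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [20/Oct/2014:10:01:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 0 "-" "() { :; }; PLACEHOLDER_COMMAND"',
    '203.0.113.4 - - [20/Oct/2014:10:02:11 +0000] "GET /cgi-bin/test?x=%28%29%20%7B%20%3A%3B%7D HTTP/1.1" 404 0 "() { x; }; PLACEHOLDER" "curl/7.30"',
    '192.0.2.11 - - [20/Oct/2014:10:03:00 +0000] "GET /js/app.js?cb=fn() HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, when, field in find_shellshock_attempts(SAMPLE_LOG):
        print(f"{when} {ip} marker in {field}")
```

The combined format records only the request line, Referer and User-Agent, so attempts carried in other headers never reach this log; the network intrusion detection the answer recommends first is what covers those.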

