
How does Rakos malware attack embedded Linux systems?

Rakos malware is attempting to build a botnet by attacking embedded Linux systems. Expert Nick Lewis explains how enterprises can prevent attacks on their systems.

Researchers found a new type of malware, known as Rakos, attacking embedded Linux systems with the goal of assembling a large botnet. The attack method used by Rakos is similar to that of the Mirai internet of things botnet. How does Rakos attack these embedded Linux systems? What can enterprises do to secure them?

Embedded security has been a growing problem over the last ten years, and it is getting exponentially worse with internet of things (IoT) malware like the Mirai and Hajime worms, and now, Rakos Linux malware.

Rakos attacks embedded Linux systems using methods similar to those used by the Moose worm, where it tries to brute force the login credentials via SSH on vulnerable devices. When a vulnerable device is found, the malware transfers the malicious binary to the target system and downloads the configuration file that lists the command-and-control (C&C) servers. The malicious binary starts a web server to accept commands from remote systems. The C&C connection can be used to update the malicious binary and the configuration file.

To remove the malware, the running process needs to be killed or the device rebooted, as the malware doesn't have functionality for persistence.

Enterprises can secure embedded Linux systems by placing them on isolated networks, restricting inbound network connections to these devices and following the standard guidance to change default passwords.

Many systems are also rendered vulnerable through poor SSH security practices that expose keys to third parties and potential hackers; security teams should regularly audit and review SSH credentials to make sure they aren't used against the organization. Enterprises may even want to scan their network to identify vulnerable systems and remove them from the network or change the default password.
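Because Rakos, like Moose, gets onto a device by guessing SSH passwords, the most direct thing a security team can watch for is a burst of failed SSH logins followed by a successful password login from the same source. The detection logic below is an added example, not code from the article or from any vendor; the hostname, the 203.0.113.0/24 and 198.51.100.0/24 addresses, the log lines and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd auth log lines (not from the original article).
SAMPLE_AUTH_LOG = """\
Dec 20 10:01:02 cam01 sshd[811]: Failed password for root from 203.0.113.5 port 51234 ssh2
Dec 20 10:01:03 cam01 sshd[811]: Failed password for root from 203.0.113.5 port 51236 ssh2
Dec 20 10:01:04 cam01 sshd[812]: Failed password for admin from 203.0.113.5 port 51240 ssh2
Dec 20 10:01:05 cam01 sshd[813]: Failed password for invalid user pi from 203.0.113.5 port 51244 ssh2
Dec 20 10:01:06 cam01 sshd[814]: Accepted password for admin from 203.0.113.5 port 51250 ssh2
Dec 20 10:05:00 cam01 sshd[820]: Accepted publickey for ops from 198.51.100.7 port 40000 ssh2
Dec 20 11:00:00 cam01 sshd[830]: Failed password for root from 198.51.100.9 port 41000 ssh2
"""

# Matches the OpenSSH "Accepted/Failed <method> for [invalid user] <user> from <ip>" lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)

def parse_sshd(log_text, year=2017):
    """Yield (timestamp, result, method, user, src) for each sshd auth line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd messages are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["result"], m["method"], m["user"], m["src"]

def detect_bruteforce(log_text, threshold=3, window_seconds=60):
    """Return {src_ip: finding} for sources with >= threshold failed logins
    inside window_seconds; a password login accepted after that burst is
    listed as a probable compromise of the named account."""
    events = defaultdict(list)
    for ts, result, method, user, src in parse_sshd(log_text):
        events[src].append((ts, result, method, user))
    findings = {}
    for src, evs in events.items():
        evs.sort()
        fails = [e[0] for e in evs if e[1] == "Failed"]
        burst = 0  # size of the densest run of failures within the window
        for i, start in enumerate(fails):
            j = i
            while j < len(fails) and (fails[j] - start).total_seconds() <= window_seconds:
                j += 1
            burst = max(burst, j - i)
        if burst < threshold:
            continue
        compromised = [u for (t, res, meth, u) in evs
                       if res == "Accepted" and meth == "password" and t >= fails[0]]
        findings[src] = {"failures": burst, "compromised_users": compromised}
    return findings
```

Feeding a device's real auth log through `detect_bruteforce` flags the guessing source; a non-empty `compromised_users` list is the cue to kill the process or reboot the device and rotate that account's password, as the answer describes.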

Enterprises may also want to ensure any device they deploy can be updated and patched when a security vulnerability is found.


This was last published in May 2017
