December 15, 2023 at 01:22PM
A versatile malware named NKAbuse, deployed as both a flooder and a backdoor, has been discovered targeting Linux systems in Colombia, Mexico, and Vietnam. Written in Go, it abuses the NKN blockchain-oriented peer-to-peer networking protocol for command and control. It gains its initial foothold by exploiting vulnerabilities, and once installed it can launch DDoS attacks and give the operator backdoor access to the compromised system. Kaspersky recommends keeping antivirus software updated and deploying EDR solutions to counter it.
Key takeaways:
1. NKAbuse is a sophisticated and versatile malware targeting Linux desktops in Colombia, Mexico, and Vietnam, operating as both a flooder and a backdoor. It abuses the NKN blockchain-oriented peer-to-peer networking protocol and can infect Linux systems on architectures such as MIPS and ARM, putting IoT devices at risk.
2. The malware functions as a backdoor for unauthorized access and can launch destructive DDoS attacks, impacting targeted servers and networks.
3. It uses NKN to send and receive data from its peers, and because it is written in Go it can be compiled for several CPU architectures, allowing it to infect different types of systems.
4. NKAbuse includes a “Heartbeat” structure for regular communication with the bot master, through which it reports data about the infected host such as its PID, IP address, memory, and configuration.
5. The malware has no self-propagation mechanism; the initial infection relies on an attacker exploiting a vulnerability. In observed attacks this was an old vulnerability in Apache Struts 2.
6. Organizations are advised to keep operating systems, applications, and antivirus software updated to close known vulnerabilities, and to deploy EDR solutions to detect post-compromise activity and support incident remediation.