Advanced Linux Server-Side Threats: How they work and what you can do about them
Olivier Bilodeau
Server-side malware has evolved. Attackers used to be motivated by defacement or direct damage, using small-scale and targeted operations. Nowadays we are seeing an increase in organized crimeware campaigns leveraging compromised Linux servers for financial gain through spam and website redirections that infect end users. Furthermore, malicious gangs base their operations' infrastructure on these same compromised servers, making takedown or law enforcement intervention complex since the servers run legitimate workloads.
This presentation will cover the evolution of financially motivated Linux malware and will describe the threats that were part of Operation Windigo, which affects more than 25 000 servers. We will give in-depth technical details on the pieces of malware involved, and show how they are deployed by the operators and how they are able to defeat current defensive technologies. More importantly, we will describe hands-on detection and incident response tricks to quickly assess one’s servers and help in the fight.