This article has been indexed from E Hacking News – Latest Hacker News and IT Security News
Attackers’ evasive methods stretch back to the times when base64 and other popular encoding schemes were utilized.
New Linux shell script methods and techniques are being used by attackers today to deactivate firewalls, monitor agents, and change access control lists (ACLs). The common evasive shell-script techniques are:
1.Uninstalling monitoring agents
Monitoring agents are software elements that track the system’s process and network activity on a regular basis. The monitoring agents also produce various logs, which are useful during an incident probe.
The malicious script, discovered in the osquery-based sandbox, attempts to uninstall the cloud-related monitoring agent Aegis (Alibaba Cloud threat detection agent) and terminate the Aliyun service. It also tries to uninstall YunJing, a host security agent from Tencent and BCM client management agent, which is generally installed on Endpoints for risk mitigation.
2.Disabling Firewalls and Interrupts
As a defensive measure, most systems and servers employ firewalls. As a defence evasive technique, the malicious software attempts to deactivate the firewall, i.e., uninterrupted firewall (ufw). In addition, attackers delete iptables rules (iptables -F), which are commonly used on Linux computers and servers for controlling firewall rules.
The instructions were also exploited by attackers to deactivate non-maska
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: Malicious Linux Shell Scripts Used to Evade Defenses