Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Detects Massive Surge in Linux XorDDoS Malware Activity

Microsoft Detects Massive Surge in Linux XorDDoS Malware Activity

A stealthy and modular malware used to hack into Linux devices and build a DDoS botnet has seen a massive 254% increase in activity during the last six months, as Microsoft revealed today.

This malware (active since at least 2014) is known as XorDDoS (or XOR DDoS) due to its use of XOR-based encryption when communicating with command-and-control (C2) servers and being employed to launch distributed denial-of-service (DDoS) attacks.

As the company revealed, the botnet’s success is likely due to its extensive use of various evasion and persistence tactics which allow it to remain stealthy and hard to remove.

“Its evasion capabilities include obfuscating the malware’s activities, evading rule-based detection mechanisms and hash-based malicious file lookup, as well as using anti-forensic techniques to break process tree-based analysis,” Microsoft 365 Defender Research Team said.

Also Read: PDPA Compliance for the Telecommunication Sector

“We observed in recent campaigns that XorDdos hides malicious activities from analysis by overwriting sensitive files with a null byte.”

XorDDoS is known for targeting a multitude of Linux system architectures, from ARM (IoT) to x64 (servers), and compromising vulnerable ones in SSH brute-force attacks.

To propagate to more devices, it uses a shell script that will attempt to log in as root using various passwords against thousands of Internet-exposed systems until it finally finds a match.

XorDDoS attack flow
XorDDoS attack flow (Microsoft)

Besides launching DDoS attacks, the malware’s operators use the XorDDoS botnet to install rootkits, maintain access to hacked devices, and, likely, drop additional malicious payloads.

“We found that devices first infected with XorDdos were later infected with additional malware such as the Tsunami backdoor, which further deploys the XMRig coin miner,” Microsoft added.

“While we did not observe XorDdos directly installing and distributing secondary payloads like Tsunami, it’s possible that the trojan is leveraged as a vector for follow-on activities.”

The huge boost in XorDDoS activity Microsoft detected since December lines up with a report by cybersecurity firm CrowdStrike which said that Linux malware had seen a 35% growth during 2021 compared to the previous year.

XorDDoS, Mirai, and Mozi were the most prevalent families, accounting for 22% of all malware attacks targeting Linux devices observed in 2021.

Also Read: Domain spoofing: What is it and how to protect your business from it

Of the three, CrowdStrike said that XorDDoS saw a notable year-over-year increase of 123%, while Mozi had an explosive activity growth, with ten times more samples detected in the wild throughout last year.

February 2021 report from Intezer also revealed that Linux malware families increased by roughly 40% in 2020 compared to 2019.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us