Light Dark
July 3, 2019 By David Bisson 2 min read

Both versions of the Godlua backdoor are capable of performing distributed denial-of-service (DDoS) attacks, according to a recent report.

In late April 2019, the Network Security Research Lab at 360 discovered the backdoor after detecting a suspicious Executable and Linkable Format (ELF) file. Other security firms had previously flagged the file as a mining-related Trojan, but Netlab 360 noted that it could not confirm whether the threat contained a cryptocurrency-mining module. Even so, it did verify that the malware was capable of performing DDoS functionality.

The researchers named the file Godlua because the Lua byte-code file loaded by this sample came with the magic number of “God.” Digging a little deeper, they found that there were two versions of the backdoor in circulation. They obtained the first version by traversing Godlua’s download servers, at which point the researchers determined that there was no update available for the variant. Meanwhile, the second version was active and receiving updates on a regular basis.

At the time of discovery, Netlab 360 had not deciphered the whole picture as to how Godlua infects a system. But it did find that the threat had infected some Linux systems by exploiting CVE-2019-3396.

A Longstanding Trend of Threats Involving Lua

Other threats have incorporated the Lua programming language in recent years. In 2014, for instance, Doctor Web detected Mac.BackDoor.iWorm for the first time. A detailed analysis by the Russian IT security solutions provider revealed that the malware was written in C++ and Lua, used encryption extensively and targeted OS X users.

Two years later, Symantec linked the activities of a digital espionage group known as Strider with the Flamer group based on their shared use of Lua modules.

Mitigate the Threat of the Godlua Backdoor

To help defend their organizations against the Godlua backdoor, security professionals should invest in a vulnerability management solution that integrates with security information and event management (SIEM) and other security tools to prioritize fixes for CVE-2019-3396 and other known vulnerabilities. Companies should also employ next-generation firewalls, anomaly detection and other methods to mitigate the threat of a DDoS attack.

 |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

December 17, 2024

Testing the limits of generative AI: How red teaming exposes vulnerabilities in AI models

4 min read - With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook.With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace at which they’re adopting gen AI, there’s a good chance that some of those vulnerabilities lie in AI models themselves — or the data used to…

December 16, 2024

FBI, CISA issue warning for cross Apple-Android texting

3 min read - CISA and the FBI recently released a joint statement that the People's Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, with best practices organizations and agencies should adopt to protect against this espionage threat. According to the statement, PRC-affiliated actors compromised networks at multiple telecommunication companies. They stole customer call records data as well…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature