Malware remains a leading security problem, and a newcomer is causing a lot of trouble: it is versatile enough to infect and disrupt many types of infrastructure.
The name “Chaos,” applied by Black Lotus Labs, comes from how often the word “chaos” appears in source file names, function names, and X.509 certificates. Dubbed “the Swiss Army knife of malware,” it is built around a command-and-control (C2) infrastructure.
The rapid proliferation of this new form of malware and its ability to operate across multiple platforms make it a substantial threat to the security of your business network.
Why You Need to Adopt Chaos Malware Protections
Chaos Malware works by enumerating the host environment, running remote shell commands, loading additional modules, spreading by stealing and brute-forcing SSH private keys, and launching multiple DDoS attacks.
It appears to be a descendant of an IoT-targeting botnet campaign called Kaiji. However, Chaos takes a leap forward by being written in Go, a language increasingly popular with threat actors because it allows cross-platform builds, is hard for antivirus platforms to detect, and is even harder to reverse-engineer when building defenses.
Cybersecurity leaders describe Chaos and its impact like this:
- “One of the reasons that the latest version of Chaos is so powerful is because it operates across multiple platforms, including not only Windows and Linux operating systems but also ARM, Intel (i386), MIPS, and PowerPC.”
- “It also propagates in a far different way than previous versions of the malware. While researchers were unable to ascertain its initial access vector, once it takes hold of a system, the latest Chaos variants exploit known vulnerabilities in a way that shows the ability to pivot quickly.”
Chaos has demonstrated a prolific ability to evolve and infect different platforms, from its early version in .NET to a rebranded binary called Yashima, and now to a recent evolution that the security researchers at Black Lotus Labs say is far different and poses significantly higher risks.
Recent Chaos Activity
What servers and companies has Chaos recently affected? Platforms that have shown Chaos activity include:
- Intel (i386)
- SOHO routers
- FreeBSD OS
What are the results of a Chaos infection? One September 28, 2022 article described a recent situation: “Chaos successfully compromised a GitLab server and unfurled a flurry of DDoS attacks targeting the gaming, financial services and technology, and media and entertainment industries, along with DDoS-as-a-service providers and a cryptocurrency exchange.”
Security professionals expect Chaos to be leveraged on a growing scale to infect devices for access, to launch DDoS attacks, and to control cryptomining operations.
Mitigating Risk with Chaos Malware Protection
Everyone accessing the Internet is at risk from Chaos malware, including small home offices and large enterprise businesses. Because Chaos primarily spreads through new vulnerabilities, experts recommend frequent updates to obtain patches as soon as they become available.
Those operating small or home offices should regularly reboot routers (this is how many router updates get installed), keep existing anti-malware and antivirus platforms patched, and use up-to-date EDR solutions.
Remote workers can help protect themselves by disabling root access when it is not required, storing SSH keys securely, and changing the passwords on all accounts and platforms frequently.
Businesses should strongly consider applying secure access protection such as SASE and DDoS mitigation. Even the strongest security posture can have vulnerabilities, and your network may be at higher risk now than ever.
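Two of the recommendations above, disabling root access where it is not needed and keeping SSH private keys protected, can be checked rather than assumed. The script below is an example added to this article (it is not code from Black Lotus Labs or any vendor): it parses an OpenSSH server configuration, flags directives that leave root or password logins open, and checks that a private key's file mode does not grant group or world access. The two configuration texts are constructed samples, a permissive one beside a hardened one.

```python
"""Audit sshd_config directives and SSH private-key permissions.

Added example for this article, not the project's or any vendor's code.
The sample configurations below are constructed for illustration.
"""
import os
import stat

# directive -> (hardened value, value sshd assumes when the directive is absent)
# The defaults are those documented in sshd_config(5): PermitRootLogin
# defaults to prohibit-password, PasswordAuthentication to yes,
# PubkeyAuthentication to yes.
EXPECTED = {
    "permitrootlogin": ("no", "prohibit-password"),
    "passwordauthentication": ("no", "yes"),
    "pubkeyauthentication": ("yes", "yes"),
}


def parse_sshd_config(text):
    """Return {directive (lowercase): value (lowercase)}.

    sshd uses the first value it reads for a directive, so later
    duplicates are ignored here too. Comments and blank lines are
    skipped. Parsing stops at the first Match block, whose directives
    only apply conditionally (a simplification of this example).
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings


def audit_sshd_config(text):
    """Return a list of (directive, observed, expected) for weak settings."""
    settings = parse_sshd_config(text)
    findings = []
    for directive, (expected, default) in EXPECTED.items():
        observed = settings.get(directive, default)
        if observed != expected:
            findings.append((directive, observed, expected))
    return findings


def key_mode_is_private(mode):
    """True when no group or other permission bit is set (0600 or 0400).

    A key readable by other local users is exactly what malware that
    harvests SSH keys from a compromised host is looking for.
    """
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def audit_key_file(path):
    """Check an on-disk private key's permissions."""
    return key_mode_is_private(os.stat(path).st_mode)


# Constructed sample: a permissive configuration.
WEAK_CONFIG = """
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""

# Constructed sample: the hardened equivalent. The trailing duplicate
# shows that a later PermitRootLogin line does not override the first.
HARDENED_CONFIG = """
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        for directive, observed, expected in audit_sshd_config(cfg):
            print(f"{name}: {directive} is {observed}, expected {expected}")
    for path in (os.path.expanduser("~/.ssh/id_ed25519"),
                 os.path.expanduser("~/.ssh/id_rsa")):
        if os.path.exists(path):
            print(f"{path}: {'ok' if audit_key_file(path) else 'too permissive'}")
```

On a live host, `sshd -T` prints the effective configuration as lowercase `directive value` pairs, which `audit_sshd_config` accepts directly and which avoids the Match-block simplification in the parser.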