FreakOut Botnet Exploiting Linux Vulnerabilities

A highly-sophisticated botnet known as FreakOut is targeting applications running on Linux operating systems which require immediate patching. Initial reports indicate this is primarily impacting Linux systems which have not been patched.

During a Weaponized attack, the botnet talks back to a remote system from where the Linux device becomes a slave, and the attacker has full access to the victim to deliver ransomware or perform data theft. 

Syxscore Risk Alert

The following vulnerabilities have been identified as important vulnerabilities to remediate in order to reduce the risk of the botnet becoming weaponized; we recommend to deploy at least one or preferably all three if they are detected on any of your systems.

1. CVE-2020-28188 – RCE in TerraMaster management panel (disclosed on December 24, 2020)

CVSS Score: Critical 9.8

Attack Vector: Network

Vector Complexity: Low

Privileges Required: None

User Interaction: None

Jump Point (Scope): No

 

2. CVE-2021-3007 – Deserialization bug in the Zend Framework (disclosed on January 3, 2021)

CVSS Score: Critical 9.8

Attack Vector: Network

Vector Complexity: Low

Privileges Required: None

User Interaction: None

Jump Point (Scope): No

 

3. CVE-2020-7961 – Deserialization bug in the Liferay Portal (disclosed on March 20, 2020)

CVSS Score: Critical 9.8

Attack Vector: Network

Vector Complexity: Low

Privileges Required: None

User Interaction: None

Jump Point (Scope): No