Malware targeting Linux is becoming more present

Many people think that because of how it handles user permissions, Linux is built to be safer than Windows. That’s starting to change as more and more Linux systems make things easier by recognizing file extensions, so users now depend on the security of every application.

What Happened?

You may already be aware that Linux is a very desirable target. It serves as the host operating system for a large number of application backends and servers and is the driving force behind a broad range of Internet of Things (IoT) devices.

However, as reported by Csoonlinenot enough is being done to safeguard the computers that are using it.

Linux malware has been massively overlooked. Since most of the cloud hosts run Linux, being able to compromise Linux-based platforms allows the attacker to access an enormous amount of resources or to inflict substantial damage through ransomware and wipers.

Source

It’s important to keep an eye out for the following six kinds of Linux attacks:

1. Virtual machine images are the focus of ransomware attacks

Over the last several years, ransomware groups have begun to show interest in Linux systems. There is a wide range of quality among the malware samples, but criminal organizations such as Conti, DarkSide, REvil, and Hive are rapidly improving their skill sets.
Attacks using ransomware that target cloud settings almost often involve significant planning. According to VMware, fraudsters attempt to get complete control over their victim before beginning the process of encrypting the information.
Recently, criminal organizations like RansomExx / Defray777 and Conti have started attacking Linux host images that are utilized in virtualized environments to run workloads.

2. Cryptojacking is becoming more common

Due to the ease with which it may generate revenue, cryptojacking has become one of the most common forms of malicious software affecting Linux.
The practice of cryptojacking is becoming more common, and XMRig and Sysrv are two of the most well-known families of cryptocurrency miners.

3. The Internet of Things is a target for three different kinds of malware: XorDDoS, Mirai, and Mozi.

The Internet of Things, with very few exceptions, is powered by Linux, and the ease of use of the devices helps to make them vulnerable to attack targets.
It is believed that the Linux Trojan known as Mirai, which compromises machines by carrying out brute-force assaults through Telnet and Secure Shell (SSH), is the common ancestor of many other strains of Linux DDoS malware. After its source code was made available to the public in 2016, a number of other variations arose. In addition, malware makers studied it and incorporated some of its characteristics onto their own Trojans after learning from Mirai.

4. State-sponsored assaults target Linux environments

Security experts that watch nation-state organizations have seen that these entities are increasingly focusing their attention on Linux operating systems.

In the case of other nation-state actors, multiple groups that were supported by China, Iran, North Korea, and other nations were exploiting the infamous Log4j flaw on both Windows and Linux operating systems in order to gain access to the networks that they target .

5. Fileless attacks are hard to discover

Various actors, including TeamTNT, had started using Ezuri, an open-source program developed in Golang. Ezuri is used by attackers in order to encrypt harmful programs. The payload is decrypted and then performed immediately from memory without leaving any traces on the disk.

This makes it difficult for antivirus software to identify these types of assaults.

Malware written on Linux is designed to infect Windows computers

Windows Subsystem for Linux (WSL) is a component of Windows that enables Linux binaries to execute natively on this operating system. Malware written in Linux may also exploit Windows computers by using this functionality. WSL can only be installed manually or by participating in the Windows Insider program; nonetheless, malicious users with administrative privileges are able to install it on compromised computers.

Protect Yourself Against Malicious Software Aimed at Linux

Attention, or better said the lack of it is the main reason for not having a good security level in your company, as IT administrators may execute software right into their production environment without making sure there is nothing wrong with it.

Attackers who are looking for opportunities to strike will take advantage of any situation of this type and as a result, the fact that malware that targets Linux environments thrives in a vast playground consisting of consumer devices and servers, virtualized environments, and specialized operating systems, the security measures that are required to protect all of these require concentration and careful planning.

How Can Heimdal Help?

Heimdal ™ has recently unveiled its newest addition to the Patch & Asset Management suite – the patch and vulnerability management module for Linux systems. With the latest inclusion, Heimdal takes one step further towards bridging the compatibility gap in automatic patch management. The module is now available in the Unified Threat Dashboard (UTD), where our customers can generate Linux-specific Group Policies, gather information on historical and current vulnerabilities, take asset and hardware inventories, and much more.

The new Patch & Asset Management for Linux module will ensure even (and correct) distribution of all update-carrying packages across your business ecosystem.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtubeand Instagram for more cybersecurity news and topics.

Source

Many people think that because of how it handles user permissions, Linux is built to be safer than Windows. That’s starting to change as more and more Linux systems make things easier by recognizing file extensions, so users now depend on the security of every application.

What Happened?

You may already be aware that Linux is a very desirable target. It serves as the host operating system for a large number of application backends and servers and is the driving force behind a broad range of Internet of Things (IoT) devices.

However, as reported by Csoonlinenot enough is being done to safeguard the computers that are using it.

Linux malware has been massively overlooked. Since most of the cloud hosts run Linux, being able to compromise Linux-based platforms allows the attacker to access an enormous amount of resources or to inflict substantial damage through ransomware and wipers.

Source

It’s important to keep an eye out for the following six kinds of Linux attacks:

1. Virtual machine images are the focus of ransomware attacks

Over the last several years, ransomware groups have begun to show interest in Linux systems. There is a wide range of quality among the malware samples, but criminal organizations such as Conti, DarkSide, REvil, and Hive are rapidly improving their skill sets.
Attacks using ransomware that target cloud settings almost often involve significant planning. According to VMware, fraudsters attempt to get complete control over their victim before beginning the process of encrypting the information.
Recently, criminal organizations like RansomExx / Defray777 and Conti have started attacking Linux host images that are utilized in virtualized environments to run workloads.

2. Cryptojacking is becoming more common

Due to the ease with which it may generate revenue, cryptojacking has become one of the most common forms of malicious software affecting Linux.
The practice of cryptojacking is becoming more common, and XMRig and Sysrv are two of the most well-known families of cryptocurrency miners.

3. The Internet of Things is a target for three different kinds of malware: XorDDoS, Mirai, and Mozi.

The Internet of Things, with very few exceptions, is powered by Linux, and the ease of use of the devices helps to make them vulnerable to attack targets.
It is believed that the Linux Trojan known as Mirai, which compromises machines by carrying out brute-force assaults through Telnet and Secure Shell (SSH), is the common ancestor of many other strains of Linux DDoS malware. After its source code was made available to the public in 2016, a number of other variations arose. In addition, malware makers studied it and incorporated some of its characteristics onto their own Trojans after learning from Mirai.

4. State-sponsored assaults target Linux environments

Security experts that watch nation-state organizations have seen that these entities are increasingly focusing their attention on Linux operating systems.

In the case of other nation-state actors, multiple groups that were supported by China, Iran, North Korea, and other nations were exploiting the infamous Log4j flaw on both Windows and Linux operating systems in order to gain access to the networks that they target .

5. Fileless attacks are hard to discover

Various actors, including TeamTNT, had started using Ezuri, an open-source program developed in Golang. Ezuri is used by attackers in order to encrypt harmful programs. The payload is decrypted and then performed immediately from memory without leaving any traces on the disk.

This makes it difficult for antivirus software to identify these types of assaults.

Malware written on Linux is designed to infect Windows computers

Windows Subsystem for Linux (WSL) is a component of Windows that enables Linux binaries to execute natively on this operating system. Malware written in Linux may also exploit Windows computers by using this functionality. WSL can only be installed manually or by participating in the Windows Insider program; nonetheless, malicious users with administrative privileges are able to install it on compromised computers.

Protect Yourself Against Malicious Software Aimed at Linux

Attention, or better said the lack of it is the main reason for not having a good security level in your company, as IT administrators may execute software right into their production environment without making sure there is nothing wrong with it.

Attackers who are looking for opportunities to strike will take advantage of any situation of this type and as a result, the fact that malware that targets Linux environments thrives in a vast playground consisting of consumer devices and servers, virtualized environments, and specialized operating systems, the security measures that are required to protect all of these require concentration and careful planning.

How Can Heimdal Help?

Heimdal ™ has recently unveiled its newest addition to the Patch & Asset Management suite – the patch and vulnerability management module for Linux systems. With the latest inclusion, Heimdal takes one step further towards bridging the compatibility gap in automatic patch management. The module is now available in the Unified Threat Dashboard (UTD), where our customers can generate Linux-specific Group Policies, gather information on historical and current vulnerabilities, take asset and hardware inventories, and much more.

The new Patch & Asset Management for Linux module will ensure even (and correct) distribution of all update-carrying packages across your business ecosystem.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtubeand Instagram for more cybersecurity news and topics.

Source

More from author

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Related posts

Advertismentspot_img

Latest posts

Threat Intelligence Services Are Universally Valued by IT Staff

Almost all IT professionals believe that threat intelligence services and feeds will help their company get ready for and repulse malware attacks. Only...

Black Basta may be an all-star ransomware gang made up of former Conti and REvil members

The group has targeted 50 businesses from English speaking countries since April 2022. ...

APAC companies are failing to build successful digital models: Forrester

Approximately 61% of APAC organizations have failed to build robust and successful digital business business models, primarily due to unsound practices of enterprise architecture...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!