With the growing popularity of open source platforms, Kaspersky Lab researchers warn that hackers are increasingly targeting Linux-based devices with tools specifically designed to exploit vulnerabilities in the platform.
Windows continues to be the target of mass malware attacks. The picture is different for advanced persistent threats (APTs), where an attacker, often a government-sponsored group, builds up a long-term presence on the network.
According to Kaspersky Lab, these attackers are increasingly diversifying their arsenals by adding Linux hacking tools, thereby expanding the list of systems they can target. Many organizations choose Linux for their strategic servers and systems. Given the “significant trend” towards the use of Linux as a desktop platform by large enterprises and government agencies, attackers are, in turn, developing more and more malicious programs for this platform.
“The trend towards better APT toolkits has been documented many times in the past by our experts, and Linux-centric tools are no exception,” said Yuri Namestnikov, head of the global research and analysis group at Kaspersky Lab in Russia. “In an effort to protect their systems, IT and security teams use Linux more often than ever before. Attackers respond to this by creating sophisticated tools that can penetrate such systems,” he added.
According to Kaspersky Lab, more than a dozen APT actors have used Linux malware or Linux-based modules. These include the LightSpy and WellMess malware families, both of which target Windows and Linux devices; LightSpy was also found to attack iOS and Mac devices. While targeted attacks on Linux-based systems are still rare, a range of web shells, backdoors, rootkits and custom exploits is available to those wishing to launch them.
Analysts also cautioned that the small number of reported attacks does not reflect the severity of the threat, pointing out that compromising a single Linux server “often leads to serious consequences” because the malware then spreads across the network to endpoints running Windows or macOS, “thereby providing wider access for intruders that can go unnoticed”.
For example, the prolific Russian-speaking hacker group Turla has made significant changes to its toolset in recent years, including the use of Linux backdoors. According to Kaspersky Lab, a new modification of the Penguin x64 Linux backdoor, reported earlier in 2020, has already affected dozens of servers in Europe and the United States.
Another example is the North Korean APT group Lazarus, which continues to diversify its toolbox and develop malware not only for Windows, but also for other operating systems. Kaspersky Lab recently reported on the multi-platform malicious MATA framework that Lazarus uses, and in June 2020, researchers analyzed new samples associated with Operation AppleJeus and TangoDaiwbo, launched for financial and espionage purposes. The samples studied included Linux malware.
To reduce the risk of Linux systems falling victim to such attacks, Kaspersky Lab recommends a number of steps, starting with simple ones: make sure firewalls are configured correctly and unused ports are blocked, automate security updates, and use a security solution with dedicated Linux protection.
Organizations should additionally maintain a list of trusted software sources and avoid unencrypted update channels; use SSH key-based authentication and protect the keys with passphrases; and use two-factor authentication backed by hardware tokens. Running binaries and scripts from untrusted sources should also be avoided.
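As an added illustration (not code from the Kaspersky report or this article), the following POSIX shell snippet audits two of the recommendations above on constructed sample files: whether sshd still permits password logins instead of key-based authentication, and whether any active APT update source is fetched over unencrypted http://. The sample sshd_config and sources-list contents are made up for the demonstration.

```shell
#!/bin/sh
# Added audit helper (not from the Kaspersky report): checks an sshd_config
# for password logins and an APT sources list for unencrypted update channels.
# All input files are constructed samples written to temporary files.

# Effective value of an sshd_config keyword. sshd honours the first
# non-comment occurrence, so that is the one we return (lower-cased).
sshd_setting() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print tolower($2); exit }' "$1"
}

# Reports weak SSH authentication settings on stderr; prints the finding count.
# A missing PasswordAuthentication line counts as a finding (sshd defaults to yes).
audit_sshd() {
    n=0
    if [ "$(sshd_setting "$1" PasswordAuthentication)" != "no" ]; then
        echo "FINDING: password logins allowed (set PasswordAuthentication no)" >&2
        n=$((n + 1))
    fi
    if [ "$(sshd_setting "$1" PubkeyAuthentication)" = "no" ]; then
        echo "FINDING: public-key authentication disabled" >&2
        n=$((n + 1))
    fi
    echo "$n"
}

# Counts active APT sources (one-line or deb822 style) fetched over plain http://.
unencrypted_apt_sources() {
    awk '(/^[[:space:]]*deb(-src)?[[:space:]]/ || /^URIs:/) && /http:\/\// { n++ }
         END { print n + 0 }' "$1"
}

# Constructed samples: a weak and a hardened sshd_config, and a sources list
# with one mirror reached over unencrypted http (the commented line is ignored).
WEAK_SSHD=$(mktemp); cat > "$WEAK_SSHD" <<'EOF'
Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
EOF
HARD_SSHD=$(mktemp); cat > "$HARD_SSHD" <<'EOF'
PasswordAuthentication no
PubkeyAuthentication yes
EOF
SOURCES=$(mktemp); cat > "$SOURCES" <<'EOF'
deb https://deb.debian.org/debian bookworm main
deb http://mirror.example.invalid/debian bookworm main
# deb http://old-mirror.example.invalid/debian bullseye main
EOF

echo "weak sshd_config findings:     $(audit_sshd "$WEAK_SSHD")"
echo "hardened sshd_config findings: $(audit_sshd "$HARD_SSHD")"
echo "unencrypted apt sources:       $(unencrypted_apt_sources "$SOURCES")"
```

On a real host the same functions can be pointed at /etc/ssh/sshd_config and /etc/apt/sources.list; the checks cover only the two recommendations named above, not the firewall, update automation or 2FA points.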
“We advise cybersecurity experts to consider this trend and implement additional measures to protect their servers and workstations,” Namestnikov said.