Kaspersky says Linux increasingly targeted for attacks

Linux Kernel Logo, Tux

According to security researchers from Kaspersky, hackers are increasingly focused on attacking Linux servers and workstations.

While Windows systems have always been a target of attackers, advanced persistent threats (APT) are now a serious problem in the Linux world.

Linux systems are now the specific target of a growing selection of malicious tools.

Linux malware is nothing new, and there have been many notable examples such as TwoSail Junk, Sofacy and Equation. Kaspersky notes, however, that despite the widespread impression that Linux systems are rarely or never a target, there are actually many webshells, backdoors and rootkits designed specifically for Linux.

The myth that Linux, being a less popular operating system, is unlikely to be targeted by malware, invites additional cybersecurity risks. While attacks targeting Linux-based systems are still rare, there is certainly malware designed for them, including webshells, backdoors, rootkits, and even custom exploits.

A recent example is an updated version of the Penquin_x64 Linux backdoor used by the Russian group Turla.

The Korean group Lazarus has also expanded its arsenal of Linux malware, including various tools used for espionage and financial attacks.

Yury Namestnikov, Director of the Kaspersky Global Research and Analysis Team (GReAT) in Russia, says:

“Our experts have identified the trend toward improving APT tools many times in the past, and Linux-centric tools are no exception. To protect their systems, IT and security departments are using Linux more often than ever. Threat actors are responding to this development by creating sophisticated tools that can penetrate these systems. We advise cybersecurity experts to pay attention to this trend and implement additional measures to protect their servers and workstations.”

The security company also shares a series of steps that can be taken to help protect Linux systems from APTs:

  • Maintain a list of trusted software sources and avoid using unencrypted update channels.
  • Do not run binaries and scripts from untrusted sources. The widely publicized way of installing programs with commands like "curl https://install-url | sudo bash" poses a real security issue.
  • Make sure the update process is efficient, and configure automatic security updates.
  • Take the time to properly configure a firewall: make sure it logs network activity, blocks ports you are not using, and reduces your network footprint.
  • Use key-based SSH authentication and protect the keys with passphrases.
  • Use 2FA (two-factor authentication) and store confidential keys on external token devices (for example, a YubiKey).
  • Use an out-of-band network tap to independently monitor and analyze network communications from your Linux systems.
  • Maintain the integrity of system executables, and periodically review configuration files for changes.
  • Be prepared for physical or insider attacks: use full disk encryption, secure and reliable boot, and put tamper-evident security tape on your critical hardware.
  • Audit the system and check logs for indicators of attack.
  • Perform penetration testing on your Linux installation.
  • Use a dedicated security solution with Linux protection, such as an endpoint security product. Such a solution provides web and network protection to detect phishing, malicious websites and network attacks, as well as device control, allowing users to set rules for the transfer of data to other devices.
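The following POSIX shell script is an added illustration of three of the steps above (verify an installer before running it instead of piping it into `sudo bash`, enforce key-based SSH authentication, and periodically review executables and configuration files for changes). It is not from Kaspersky or from the article; every input it uses (the two `sshd_config` samples, the installer script and its expected hash, the files under the baseline directory) is constructed inline so that it runs offline.

```shell
#!/bin/sh
# Added example, not part of the article: small defender-side checks for
# three of the Linux hardening steps listed above. All inputs are constructed.

WORK="${TMPDIR:-/tmp}/linux-hardening-demo.$$"
mkdir -p "$WORK/etc"

# Constructed sshd_config that still allows password logins (the weak setting).
cat > "$WORK/sshd_config.weak" <<'EOF'
Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
PermitRootLogin yes
EOF

# Constructed sshd_config after switching to key-based authentication only.
cat > "$WORK/sshd_config.hardened" <<'EOF'
Port 22
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin prohibit-password
ChallengeResponseAuthentication no
EOF

# Effective value of one sshd option: comments are ignored, the last match wins.
sshd_opt() {
    awk -v key="$2" 'tolower($1)==tolower(key) {v=$2} END {print v}' "$1"
}

# check_sshd FILE: returns 0 only if the config enforces key-based auth
# and does not allow root to log in with a password.
check_sshd() {
    cfg="$1"
    [ "$(sshd_opt "$cfg" PasswordAuthentication)" = "no" ] || return 1
    [ "$(sshd_opt "$cfg" PubkeyAuthentication)" = "yes" ] || return 1
    root="$(sshd_opt "$cfg" PermitRootLogin)"
    [ "$root" = "no" ] || [ "$root" = "prohibit-password" ] || return 1
    return 0
}

# SHA-256 of a file, using whichever tool the host provides.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# run_verified SCRIPT EXPECTED_SHA256: the alternative to "curl ... | sudo bash".
# The installer is saved to disk first, its hash is compared with the value the
# vendor published out of band, and it is executed only if the two match.
run_verified() {
    script="$1"; expected="$2"
    actual="$(file_sha256 "$script")"
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $script: refusing to run" >&2
        return 1
    fi
    sh "$script"
}

# baseline_dir DIR: one "<sha256>  <path>" line per regular file, sorted.
baseline_dir() {
    find "$1" -type f | sort | while read -r f; do
        printf '%s  %s\n' "$(file_sha256 "$f")" "$f"
    done
}

# verify_baseline DIR BASELINE_FILE: 0 if nothing changed since the baseline
# was recorded, non-zero (with the differing lines printed) otherwise.
verify_baseline() {
    baseline_dir "$1" | diff "$2" -
}

# Constructed installer and the hash an administrator would have obtained
# from the vendor over a separate channel (here computed from the sample itself).
printf 'echo "installer ran"\n' > "$WORK/install.sh"
GOOD_HASH="$(file_sha256 "$WORK/install.sh")"

# Constructed configuration file and a recorded baseline for the directory.
printf 'listen=127.0.0.1\n' > "$WORK/etc/app.conf"
baseline_dir "$WORK/etc" > "$WORK/baseline"

# Stand-alone demonstration of the three checks.
check_sshd "$WORK/sshd_config.weak" && echo "weak sshd_config: OK" || echo "weak sshd_config: FAIL (expected)"
check_sshd "$WORK/sshd_config.hardened" && echo "hardened sshd_config: OK"
run_verified "$WORK/install.sh" "$GOOD_HASH"
run_verified "$WORK/install.sh" "0000000000000000000000000000000000000000000000000000000000000000" || echo "tampered installer blocked"
verify_baseline "$WORK/etc" "$WORK/baseline" && echo "baseline unchanged"
```

On a real host the same functions would be pointed at `/etc/ssh/sshd_config`, at a downloaded installer together with the vendor's published checksum, and at a baseline recorded for `/etc` and `/usr/local/bin` when the system was first set up; the expected hash must come from a channel other than the download itself, otherwise a compromised server can supply both.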

Kaspersky Hybrid Cloud Security provides DevOps protection, enabling security integration on CI/CD platforms and containers, and image scanning against supply chain attacks.

If you want to know more, you can read Kaspersky's original note at the following link.


The masked parata said:

    Leave straw to sell antivirus (as if the mask is not enough). Linux is safer not because it is more or less popular, but because of the "Law of Torvalds": with the greater number of participants in its creation, any failure becomes more evident.