Many organizations choose Linux for strategically important servers and systems, not least because this operating system is thought to be safer and less prone to cyberthreats than the far more popular Windows operating system.
While this is the case for mass malware attacks, it is not so clear cut when it comes to advanced persistent threats (APTs). Furthermore, Kaspersky researchers have identified a trend where more and more threat actors are executing targeted attacks against Linux-based devices while developing more Linux-focused tools.
Over the past eight years, over a dozen APT actors have been observed using Linux malware or Linux-based modules. These include such infamous threat groups as Barium, Sofacy, the Lamberts, and Equation, as well as more recent campaigns such as LightSpy by TwoSail Junk and WellMess. Diversifying their arsenal with Linux tools enables threat actors to conduct operations more effectively and with wider reach.
In many countries there is a significant trend among large enterprises and governmental entities towards using Linux as a desktop environment, which pushes threat actors to develop malware for this platform.
“The trend of enhancing APT toolsets was identified by our experts many times in the past, and Linux-focused tools are no exception. Aiming to secure their systems, IT and security departments are using Linux more often than before. Threat actors are responding to this with the creation of sophisticated tools that are able to penetrate such systems. We advise cybersecurity experts to take this trend into account and implement additional measures to protect their servers and workstations,” comments Yury Namestnikov, head of Kaspersky’s Global Research and Analysis Team (GReAT) in Russia.
In order to avoid falling victim to a targeted attack on Linux by a known or unknown threat actor, Kaspersky researchers recommend implementing the following measures:
• Maintain a list of trusted software sources and avoid using unencrypted update channels
• Do not run binaries and scripts from untrusted sources. Widely advertised ways of installing programs with commands like “curl https://install-url | sudo bash” are a security nightmare
• Take the time to set up your firewall properly: make sure it logs network activity, block all ports you don’t use, and minimize your network footprint
• Use key-based SSH authentication and protect keys with passwords
• Maintain system executable file integrity and review configuration file changes regularly
• Run penetration tests on your Linux setup
• Use a dedicated security solution with Linux protection
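As an added example (not part of the Kaspersky text), here is a small shell script for the executable- and configuration-integrity recommendation above: it records SHA-256 hashes of a directory tree once and, on later runs, reports files that changed, disappeared or appeared. The directory paths and manifest location are assumptions; in practice the manifest belongs outside the tree it covers.

```shell
#!/usr/bin/env bash
# Executable / configuration integrity check (constructed example, not from the article).
# Record a SHA-256 manifest of a tree once, then re-run to spot CHANGED, MISSING and NEW
# files. Keep the manifest outside the tree it covers (ideally on another host or read-only media).
set -u

# integrity_baseline DIR MANIFEST: hash every regular file under DIR, sorted by path.
integrity_baseline() {
    local dir=$1 manifest=$2
    find "$dir" -type f -exec sha256sum {} + | sort -k 2 > "$manifest"
}

# integrity_verify DIR MANIFEST: print one finding per line; exit 0 only when nothing differs.
integrity_verify() {
    local dir=$1 manifest=$2 findings=0 hash path current known
    current=$(mktemp) && known=$(mktemp)
    find "$dir" -type f -exec sha256sum {} + | sort -k 2 > "$current"
    # Manifest lines are "<64 hex chars><two spaces><path>", so the path starts at column 67.
    cut -c67- "$manifest" > "$known"
    # Every file the baseline knows: is it still present, and does it still hash the same?
    while read -r hash path; do
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"; findings=$((findings + 1))
        elif [ "$(sha256sum "$path" | cut -c1-64)" != "$hash" ]; then
            echo "CHANGED  $path"; findings=$((findings + 1))
        fi
    done < "$manifest"
    # Every file present now that the baseline never saw (e.g. a dropped binary or a new cron job).
    while read -r hash path; do
        grep -qxF -- "$path" "$known" || { echo "NEW      $path"; findings=$((findings + 1)); }
    done < "$current"
    rm -f "$current" "$known"
    [ "$findings" -eq 0 ]
}

# Command-line use: integrity.sh baseline DIR MANIFEST  |  integrity.sh verify DIR MANIFEST
case "${1:-}" in
    baseline) integrity_baseline "$2" "$3" ;;
    verify)   integrity_verify "$2" "$3" ;;
esac
```

Run the verify step from cron or a configuration-management job and alert on a non-zero exit; a CHANGED line for a file under /etc or /usr/bin that no change ticket explains is exactly the review this recommendation asks for.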