Many people believe that the way Linux handles user permissions makes it inherently more secure than Windows. This is beginning to change: as more and more Linux systems make things easier by recognizing file extensions, users increasingly rely on the security of each individual application.
What happened?
You may already be aware that Linux is a very attractive target. It serves as the host operating system for a large number of application backends and servers and is the driving force behind a wide range of Internet of Things (IoT) devices.
However, as reported by CSO Online, not enough is being done to protect the computers that run it.
Linux malware has been largely ignored. Since most cloud hosts run Linux, being able to compromise Linux-based platforms gives an attacker access to large amounts of resources, or the ability to do considerable damage through ransomware and wipers.
It is important to keep an eye on the following six types of Linux attacks:
1. Virtual machine images are the focal point of ransomware attacks
Over the past several years, ransomware groups have begun to show interest in Linux systems. Malware samples vary widely in quality, but criminal organizations such as Conti, DarkSide, REvil and Hive are rapidly improving their skill sets.
Ransomware attacks that target cloud environments often involve significant planning. According to VMware, the criminals try to gain complete control over their victims' environment before starting to encrypt data.
Recently, criminal groups such as RansomExx/Defray777 and Conti Linux have started attacking the host images used to run workloads in virtualized environments.
2. Cryptojacking is becoming more common
Because it is so easy to monetize, cryptomining malware has become one of the most common types of malicious software affecting Linux.
Cryptojacking is becoming more widespread, and XMRig and Sysrv are the two most familiar families of cryptocurrency miners.
3. Three malware families target the Internet of Things: XorDDoS, Mirai and Mozi
With very few exceptions, the Internet of Things is powered by Linux, and the simplicity of these devices helps make them easy targets.
The Linux Trojan known as Mirai, which compromises machines by brute-forcing credentials over Telnet and Secure Shell (SSH), is believed to be the common ancestor of many other strains of Linux DDoS malware. After its source code became publicly available in 2016, a number of other variants emerged. Malware authors have also studied it and incorporated some of its features into their own Trojans.
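The Mirai-style credential guessing described above is loud on the defender's side: every failed attempt lands in the SSH daemon's log. The following added example (not from the original post or from CSO Online) parses standard OpenSSH "Failed password" lines and flags any source address that accumulates a burst of failures inside a short window. The log lines, the addresses (from the RFC 5737 documentation range) and the threshold of five failures per minute are all constructed for this example; Telnet daemons on IoT devices rarely log this well, which is one reason the Telnet path is so attractive to this family.

```python
"""Spot SSH brute-force bursts in auth.log-style lines (added example, constructed data)."""
import re
from collections import defaultdict
from datetime import datetime

# Matches the standard OpenSSH failure line; "invalid user" appears when the
# account does not exist, which is typical of credential-guessing tools.
FAILED_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

# Constructed sample: one scanner (203.0.113.5) hammering several accounts
# in a few seconds, and one legitimate user (198.51.100.7) who mistyped once.
SAMPLE_LOG = """\
Jan 12 10:01:03 host sshd[1201]: Failed password for root from 203.0.113.5 port 40001 ssh2
Jan 12 10:01:05 host sshd[1202]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Jan 12 10:01:08 host sshd[1203]: Failed password for invalid user pi from 203.0.113.5 port 40003 ssh2
Jan 12 10:01:10 host sshd[1204]: Failed password for root from 203.0.113.5 port 40004 ssh2
Jan 12 10:01:14 host sshd[1205]: Failed password for invalid user ubuntu from 203.0.113.5 port 40005 ssh2
Jan 12 10:01:17 host sshd[1206]: Failed password for root from 203.0.113.5 port 40006 ssh2
Jan 12 10:02:30 host sshd[1210]: Failed password for alice from 198.51.100.7 port 50123 ssh2
Jan 12 10:02:41 host sshd[1211]: Accepted password for alice from 198.51.100.7 port 50123 ssh2
"""


def parse_failures(lines, year=2022):
    """Return (timestamp, ip, user) for every failed-password line."""
    events = []
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"]))
    return events


def find_bruteforce(events, threshold=5, window_seconds=60):
    """Flag source IPs with at least `threshold` failures inside any `window_seconds` span."""
    by_ip = defaultdict(list)
    for ts, ip, user in events:
        by_ip[ip].append((ts, user))
    alerts = {}
    for ip, items in by_ip.items():
        items.sort()
        times = [t for t, _ in items]
        best, best_span, start = 0, None, 0
        for end in range(len(times)):
            # slide the window start forward until it fits inside window_seconds
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 > best:
                best, best_span = end - start + 1, (start, end)
        if best >= threshold:
            s, e = best_span
            alerts[ip] = {
                "failures": best,
                "users": sorted({u for _, u in items[s:e + 1]}),
                "first": times[s].isoformat(),
                "last": times[e].isoformat(),
            }
    return alerts


def run(text=SAMPLE_LOG):
    """Parse the sample log and return the brute-force alerts keyed by source IP."""
    return find_bruteforce(parse_failures(text.splitlines()))


if __name__ == "__main__":
    for ip, info in run().items():
        print(f"{ip}: {info['failures']} failures against {info['users']} "
              f"between {info['first']} and {info['last']}")
```

On a real host the same logic runs over `/var/log/auth.log` or `journalctl -u ssh`; the mitigation that removes the whole attack class is disabling password authentication in `sshd_config` in favour of keys, with a rate limiter such as fail2ban as a second layer.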
4. State-sponsored attacks target the Linux environment
Security experts who track nation-state actors have noticed that these groups are increasingly focusing on Linux operating systems.
Among those actors, multiple groups backed by China, Iran, North Korea and other countries used the infamous Log4j vulnerability on both Windows and Linux systems to gain access to targeted networks.
5. Fileless attacks are difficult to detect
Various actors, including TeamTNT, have begun using Ezuri, an open-source program written in Go. Attackers use Ezuri to encrypt malicious programs; the payload is decrypted and executed directly from memory, without leaving any trace on disk.
This makes such attacks difficult for antivirus software to detect.
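Disk-based scanning misses a payload that never touches disk, but the running process still has to expose itself through `/proc`. On Linux, an executable that exists only in memory shows up in the `/proc/<pid>/exe` link as `/memfd:<name> (deleted)` (an anonymous file created with `memfd_create()`), and a binary that was unlinked after launch shows up with a plain `(deleted)` suffix. The added example below (not part of the original post, and not a description of Ezuri's internals, which the post does not give) classifies those link targets and walks `/proc` on a live host; the sample snapshot and its PIDs are constructed.

```python
"""Triage Linux processes whose executable exists only in memory (added example)."""
import os


def classify_exe_target(target):
    """Classify the target of the /proc/<pid>/exe symlink.

    'memfd'   - anonymous in-memory file from memfd_create(); the kernel
                renders it as '/memfd:<name> (deleted)'
    'deleted' - a real path that has been unlinked since the process started
    'on-disk' - an ordinary executable that can be hashed and scanned
    """
    if target.startswith("/memfd:"):
        return "memfd"
    if target.endswith(" (deleted)"):
        return "deleted"
    return "on-disk"


def triage_snapshot(snapshot):
    """snapshot: iterable of (pid, exe_target). Returns only the suspicious entries."""
    findings = []
    for pid, target in snapshot:
        kind = classify_exe_target(target)
        if kind != "on-disk":
            findings.append((pid, kind, target))
    return findings


def scan_proc(proc_root="/proc"):
    """Walk /proc on a live Linux host; unreadable or vanished PIDs are skipped."""
    if not os.path.isdir(proc_root):
        return []  # not a Linux host (or procfs not mounted)
    snapshot = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            snapshot.append((int(entry), os.readlink(os.path.join(proc_root, entry, "exe"))))
        except OSError:
            continue  # kernel thread, process already exited, or insufficient privilege
    return triage_snapshot(snapshot)


# Constructed snapshot of what os.readlink('/proc/<pid>/exe') might return
SAMPLE_SNAPSHOT = [
    (412, "/usr/sbin/sshd"),
    (2231, "/memfd:payload (deleted)"),  # loader executed a decrypted payload from memory
    (2290, "/tmp/.x (deleted)"),         # dropper ran its file and then unlinked it
    (3105, "/usr/bin/python3"),
]


if __name__ == "__main__":
    print("constructed snapshot:", triage_snapshot(SAMPLE_SNAPSHOT))
    print("live host:", scan_proc())  # needs root to read other users' exe links
```

Treat a hit as a triage signal rather than a verdict: a `(deleted)` target also appears for any long-running service whose package was upgraded underneath it, and a few legitimate runtimes use `memfd` as well. What the check buys a defender is a list of processes whose code cannot be pulled from disk for scanning, which is exactly the set an antivirus engine is blind to.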
6. Linux malware is being designed to infect Windows computers
The Windows Subsystem for Linux (WSL) is a Windows component that enables Linux binaries to run natively on that operating system. Through this functionality, malware written for Linux can also be used against Windows computers. WSL can only be installed manually or by participating in the Windows Insider program, but malicious users with administrative privileges are able to install it on compromised computers.
Protect yourself from malicious software aimed at Linux
A lack of attention is the main reason a company ends up with a poor level of security: IT administrators are, understandably, focused on making sure the software functions properly in their production environment.
Attackers looking for a chance to strike will take advantage of any such situation, and as a result, malware that targets Linux has a huge playground consisting of consumer devices and servers, virtualized environments, and specialized operating systems. Protecting all of these requires focus and careful planning of the security measures needed.
How can Heimdal help?
Heimdal™ recently unveiled its new addition to the Patch and Asset Management suite – the Patch and Vulnerability Management module for Linux systems. With the latest inclusion, Heimdal goes one step further towards filling persistent gaps in automated patch management. The module is now available on the Unified Threat Dashboard (UTD), where our customers can create Linux-specific group policies, collect historical and current vulnerabilities, retrieve software and hardware inventory, and more.
The new Linux patch and asset management module will ensure uniform (and accurate) distribution of the packages that carry all updates across your business ecosystem.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, YouTube and Instagram for more cyber security news and topics.