Inscrivez-vous maintenant pour un meilleur devis personnalisé!

Linux malware attacks are on the rise, and businesses aren't ready for it

10 fév. 2022 Hi-network.com

Cyber criminals are increasingly targeting Linux servers and cloud infrastructure to launch ransomware campaigns, cryptojacking attacks and other illicit activity -and many organisations are leaving themselves open to attacks because Linux infrastructure is misconfigured or poorly managed. 

Analysis from cybersecurity researchers at VMware warns that malware targeting Linux-based systems is increasing in volume and complexity, while there's also a lack of focus on managing and detecting threats against them. This comes after an increase in the use of enterprises relying on cloud-based services because of the rise of hybrid working, with Linux the most common operating system in these environments. 

Recommends

  • Best VPN services
  • Best security keys
  • Best antivirus software
  • The fastest VPNs

That rise has opened new avenues that cyber criminals can exploit to compromise enterprise networks, as detailed by the research paper, including ransomware and cryptojacking attacks tailored to target Linux servers in environments that might not be as strictly monitored as those running Windows. 

SEE: A winning strategy for cybersecurity (ZDNet special report)

These attacks are designed for maximum impact, as the cyber criminals look to compromise as much as the network as possible before triggering the encryption process and ultimately demanding a ransom for the decryption key. 

The report warns that ransomware has evolved to target Linux host images used to spin up workloads in virtualised environments, enabling the attackers to simultaneously encrypt vast swathes of the network and make incident response more difficult. The attacks on cloud environments also result in attackers stealing information from servers, which they threaten to publish if they're not paid a ransom. 

Ransomware families that have been seen targeting Linux servers in attacks include REvil, DarkSide and Defray777 and it's likely that new forms of ransomware will appear that also target Linux.   

Cryptojacking and other malware attacks are also increasingly targeting Linux servers. Cryptojacking malware steals processing power from CPUs and servers in order to mine for cryptocurrency.  

The attacks against all operating systems often go undetected. While cryptojackers are using up energy and potentially slowing down systems, it's usually not a noticeable enough drain to cause significant disruption.

The most common application used to mine for Monero is the open-source XMRig miner and many of these are being placed on Linux servers. If the Linux environment isn't being correctly monitored, cryptojacking can easily go undetected and cyber criminals know this. 

"Cyber criminals are dramatically expanding their scope and adding malware that targets Linux-based operating systems to their attack toolkit in order to maximize their impact with as little effort as possible," said Giovanni Vigna, senior director of threat intelligence at VMware. Rather than infecting a PC and then navigating to a higher value target, cyber criminals have realised that compromising a single server can deliver a massive payoff. 

Many of the cyberattacks targeting Linux environments are still relatively unsophisticated when compared with equivalent attacks targeting Windows systems -that means that with the correct approach to monitoring and securing Linux-based systems, many of these attacks can be prevented. 

That includes cybersecurity hygiene procedures such as ensuring default passwords aren't in use and avoiding sharing one account across multiple users. 

"Focus on the basics. The fact is that most adversaries are not super advanced," said Brian Baskin, manager of threat research at VMware. 

"They're not looking for unique exploits, they're looking for the general open vulnerabilities and misconfigurations. Focus on those before you start focusing on zero-day attacks and new vulnerabilities -make sure you've got the basics covered first," he added. 

MORE ON CYBERSECURITY

  • This new malware wants to create backdoors and targets Windows, Linux and macOS
  • Bosses think that security is taken care of: CISOs aren't so sure
  • Ransomware puzzle: These two pieces of malware look very different, but they evolved from the same root
  • Cybersecurity: Many managers just don't want to understand the risks
  • This surprise Linux malware warning shows that hackers are changing their targets

tag-icon Tags chauds: technologie La sécurité

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.