APT groups are increasingly executing targeted attacks against Linux-based devices as well as developing more Linux-focused tools, according to an investigation by Kaspersky.
This is the result of a growing number of organizations choosing Linux ahead of Windows to run their strategically important servers and systems, and of the perception that the Linux operating system is safer and less likely to be targeted by malware because it is less popular.
However, threat actors have been observed adapting their tactics to take advantage of this trend, and Kaspersky noted that “over a dozen APT actors have been observed to use Linux malware or some Linux-based modules” during the past eight years.
These include notorious groups such as Turla, Lazarus, Barium, Sofacy, the Lamberts and Equation. Kaspersky highlighted the example of the Russian-speaking APT group Turla using Linux backdoors as part of its changing toolset in recent years.
The cybersecurity company added that although targeted attacks on Linux-based systems are still uncommon, there is nevertheless malware designed to target them, including webshells, backdoors, rootkits and even custom-made exploits.
This means organizations should not be complacent about the threat posed, particularly as the consequences of a successful compromise of a server running Linux are often severe. These can include attackers gaining access to endpoints running Windows or macOS in addition to the infected device.
Yury Namestnikov, head of Kaspersky’s Global Research and Analysis Team (GReAT) in Russia, commented: “The trend of enhancing APT toolsets was identified by our experts many times in the past, and Linux-focused tools are no exception. Aiming to secure their systems, IT and security departments are using Linux more often than before. Threat actors are responding to this with the creation of sophisticated tools that are able to penetrate such systems. We advise cybersecurity experts to take this trend into account and implement additional measures to protect their servers and workstations.”
Commenting on the findings, Boris Cipot, senior security engineer at Synopsys, said: “It is not a big surprise that Linux-based systems also have vulnerabilities and are subject to attacks. There is a common misconception which suggests that Linux-based systems are unbreachable, or that a Mac cannot be affected by malware. Unfortunately, this is not true.”
Earlier today, ESET announced it has discovered an entirely new type of Linux malware designed to attack a specific VoIP platform.