According to Kaspersky Lab, more and more hacker groups are carrying out targeted attacks on Linux-based devices using specially designed tools. Overall, experts note the growing interest of cybercriminals in Linux systems.
The researchers write that over the past eight years, more than ten advanced hacker groups have carried out such operations, including Barium, Sofacy, Lamberts, Equation, and TwoSail Junk with the LightSpy and WellMess malware.
“Malicious tools targeting Linux systems allow attackers to make attacks more effective and infect more devices, and hide if an attack is detected at additional points such as developer desktops, servers and corporate IoT”, say the experts.
According to the study, companies around the world, as well as government agencies, are increasingly using Linux. This is explained by the spread of virtualization and containerization technologies. In addition, in some organizations, Linux is the dominant desktop environment when it comes to dealing with sensitive data.
According to experts, a false sense of security creates a widespread myth that this operating system is not susceptible to cyber threats. For example, according to a report by the TheBestVPN portal, Android was the most vulnerable platform in 2019, but Linux no longer lives up to the myth about it.
Of course, targeted attacks on Linux systems are not very common so far, but every major hacker group already creates Linux-specific malware such as web shells, backdoors, rootkits, and even customized exploits.
Such attacks, despite their small number or, on the contrary, due to it, are very successful and difficult to detect. As a result, attackers gain not only access to the infected device, but also the ability to penetrate other devices running Windows and macOS, which opens up wide opportunities for them.
For example, Kaspersky Lab experts recently talked about the MATA multi-platform framework. In addition, in June 2020, researchers analyzed several Linux malware samples used by the Lazarus group in Operation AppleJeus and TangoDaiwbo, which were carried out for cyber espionage and money theft.
“We have seen many times how the toolkits used to carry out sophisticated attacks are improved, and malware for Linux devices is no exception. Today, IT and information security departments use this operating system more often than before to reduce costs and create a highly scalable infrastructure. In response, attackers create sophisticated malicious tools for Linux, because it is often on such machines that the most interesting data for attackers is processed”, comments Yury Namestnikov, head of the research center at Kaspersky Lab.
Experts recommend that information security specialists take into account the increased threat to Linux systems and implement additional measures to protect servers and workstations.
Note also that the FBI and NSA recently issued a joint warning, full of technical details, in which they said they had discovered the Drovorub malware, which targets Linux systems and is designed to create backdoors.