When the Linux Environment Comes Under Cyberattack
Linux-based machines are no longer considered a major obstacle for cybercriminal groups who are aiming for the operating system as a target. Starting from web shells, backdoors, rootkits to custom-made exploits, it has become seemingly easy to launch attacks on Linux-based workstations in the last few years.
Case in point
- Researchers have pointed out that several cyber gangs have started targeting Linux machines via a fileless malware installation technique that was more commonly used against Windows-based systems.
- One of the gangs on the forefront is TeamTNT using the new Ezuri downloader to decrypt, install and execute a final malware payload from memory, without ever writing to disk.
Even ransomware attackers are shifting to Linux
- According to LinuxSecurity, Linux is becoming an increasingly popular target among ransomware attackers due to its usages across various critical devices.
- One of the recently observed ransomware is a variant of RansomEXX ransomware that has been designed only to target Linux systems.
- Once deployed, the variant generates a 256-bit key and uses it to encrypt all the files belonging to the targeted victim.
- Last month, researchers uncovered a new cryptomining botnet called PGMiner targeting Linux-based servers that support PostgreSQL databases.
- The botnet was used to illegally mine Monero cryptocurrency from targeted systems.
- Apart from this, last year had also witnessed several other Linux-based botnets, such as a variant of Stantinko botnet and InterPlanetary Storm, attempting to mine cryptocurrencies and deliver malware.
Linux systems are seeing a noticeable increase in cyberattacks from sophisticated threat actors. Some of the notable examples include Barium, Sofacy, Lamberts, Turla, and Equation. Researchers claim that enhancing APT toolsets will give threat actors more ability to penetrate into such systems. The only way to prevent such attacks lies in the way organizations implement threat intelligence-based proactive security measures to protect their servers and workstations.