Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Linux

Kaspersky Warns Intruders are Targeting Linux Workstations and Servers (techrepublic.com) 80

Researchers at Kaspersky "have warned that sophisticated hackers and crooks are increasingly targeting Linux-based devices — using tools specifically designed to exploit vulnerabilities in the platform," reports TechRepublic: While Windows tends to be more frequently targeted in mass malware attacks, this is not always the case when it comes to advanced persistent threats (APTs), in which an intruder — often a nation-state or state-sponsored group — establishes a long-term presence on a network. According to Kaspersky, these attackers are increasingly diversifying their arsenals to contain Linux tools, giving them a broader reach over the systems they can target.

Many organisations choose Linux for strategically important servers and systems, and with a "significant trend" towards using Linux as a desktop environment by big business as well as government bodies, attackers are in turn developing more malware for the platform... According to Kaspersky, over a dozen APT actors have been observed to use Linux malware or some Linux-based modules. Most recently, this has included the LightSpy and WellMess malware campaigns, both of which targeted both Windows and Linux devices. The LightSpy malware was also found to be capable of targeting iOS and Mac devices.

While targeted attacks on Linux-based systems are still uncommon, a suite of webshells, backdoors, rootkits and custom-made exploits are readily available to those that seek to use them. Kaspersky also suggested that the small number of recorded attacks was not representative of the danger they posed, pointing out that the compromise of a single Linux server "often leads to significant consequences", as the malware travelled through the network to endpoints running Windows or macOS, "thus providing wider access for attackers which might go unnoticed".

This discussion has been archived. No new comments can be posted.

Kaspersky Warns Intruders are Targeting Linux Workstations and Servers

Comments Filter:
  • by franzrogar ( 3986783 ) on Sunday September 13, 2020 @11:43AM (#60501974)

    So... resuming: the supposed danger does basically nothing in Linux and the REAL issue is that they use it to attack Windows and iOS attached to it...

    WOW!

  • Significant... You keep using that word. I do not think it means what you think it means.

  • Since 2001 (Score:4, Insightful)

    by Insanity Defense ( 1232008 ) on Sunday September 13, 2020 @11:45AM (#60501982)

    Kaspersky has been forecasting a coming Tsunami of linux viruses since 2001. So I doubt anything they say on the topic as their predictions on this topic have been uniformly failures.

    • It's hard for viruses to spread if everything is compiled by a trusted source. It's hard for worms to spread if you have a good firewall.
      • Compiling doesn't mean there won't be stuff planted in the code. The code has to be audited by people who aren't just the development team and most projects don't have the resources to keep that up. Low budget open source projects have even less money to audit the code and that's the real problem. Mission critical code has to be audited on a regular basis, especially when updated. Most development teams to practice secure enough principles in writing and sharing code. It can't be that hard to get a state a
        • Compiling doesn't mean there won't be stuff planted in the code.

          It means it won't spread the way a normal virus spreads, by executables attaching pieces of themselves to executables.

      • It's hard for viruses to spread if everything is compiled by a trusted source.

        Guess that explains Windows viruses, it's compiled by Microsoft, hardly a trusted source.

    • Re:Since 2001 (Score:4, Insightful)

      by Anne Thwacks ( 531696 ) on Sunday September 13, 2020 @02:17PM (#60502394)
      Researchers at Kaspersky

      I think they meant salesmen at Kaspersky.

      • I'm old enough to remember when anti-virus vendors were considered legit professionals and not a bunch of drug addicts and pedophiles.
    • I do believe Android is based on Linux.

      https://www.unixmen.com/why-is... [unixmen.com]

      I'm also quite certain that Android is quite vulnerable to malware.

      https://www.hellotech.com/blog... [hellotech.com]

      Linux is a operating system. It's a tool like any other and getting religious about it is foolish. Where it has become widely adopted by the masses it has had just as many virus / malware issues as any other operating system. Human nature doesn't change just because the operating system does.

      Yes, Linux can be fairly secure. As can Windows

      • Would you consider the user space of Android, with Java/ART and bionic to be GNU/Linux, LSB [linuxfoundation.org] or even SuS [unix.org]?

        Linux is technically just a kernel, and the operating system you put on top of it is composed of several open source projects. We imply more than just a kernel we we casually throw around the name "Linux", and that's an acceptable short hand if we agree on what it means. We're starting to talk about different things when glibc and bash and the typical layout of /etc /bin /usr and /tmp is taken out of the

        • You have an interesting point, one where you are technically correct - the best kind. Practically speaking you are effectively wrong for the simple reason that the masses use the common set of packages. They certainly think of those packages as part of the OS, even though they are technically not part of the OS.

          Think of it as being much akin to Windows core OS or server core OS. In theory you can use either one, in practice you are highly unlikely to find either one used much in the wild (I have seen a litt

  • sophisticated hackers and crooks are increasingly targeting Linux-based devices â" using tools specifically designed to exploit vulnerabilities in the platform,",

    Really? They're not using tools designed to exploit vulnerabilities in your mom?

    • sophisticated hackers and crooks are increasingly targeting Linux-based devices â" using tools specifically designed to exploit vulnerabilities in the platform,",

      Really? They're not using tools designed to exploit vulnerabilities in your mom?

      Don't know about them, but my mom runs NetBSD -- I think Cylons do too [informit.com].

      • by ebvwfbw ( 864834 )

        sophisticated hackers and crooks are increasingly targeting Linux-based devices â" using tools specifically designed to exploit vulnerabilities in the platform,",

        Really? They're not using tools designed to exploit vulnerabilities in your mom?

        Don't know about them, but my mom runs NetBSD -- I think Cylons do too [informit.com].

        Netbsd? LOL. Play that song - like it's 1999.
        Still lacks security controls Linux had almost 20 years ago like selinux. The mandatory access controls. Must mouth off like they did in 2007 and someone will port a bunch of hacks over to bsd again. It's painfully broken. Used to love BSD, 30 years ago. It's still great as a router.

  • by hyades1 ( 1149581 ) <hyades1@hotmail.com> on Sunday September 13, 2020 @12:12PM (#60502042)

    It's a sad fact that as Linux becomes more mainstream and increases its role as a foundation for various Microsoft and Apple applications, it will become a more attractive target for criminals. Unfortunately, just as that's happening, the supply of competent Linux people able to deal with their depredations will become diluted by a flood of job-seekers proudly brandishing "Leet Linux Skillz Wizard" certificates they earned in a three week night school course at the local community college.

    • Linux has been an attractive target for a VERY long time, as most anything of importance on the Internet has been protected by it. Being on the desktop doesn't make it suddenly appear on criminals' radars.

    • Unfortunately, just as that's happening, the supply of competent Linux people able to deal with their depredations will become diluted by a flood of job-seekers proudly brandishing "Leet Linux Skillz Wizard" certificates they earned in a three week night school course at the local community college.

      Why are you disparaging people trying to get into the field?

    • by Bert64 ( 520050 )

      The flood of barely qualified people has been a windows problem for a long time, and availability of staff has long been an argument against linux, considering only availability rather than competence.

      But Linux has long been an attractive target, and proprietary unix systems before that.

      A lot of companies put critical systems on linux, but they still maintain a typical windows environment for their desktops... It doesn't matter how secure the linux systems are if you can compromise the sysadmin's windows de

      • Excellent points. I've had contact with the Windows "experts" you mention. They rarely fail to disappoint.

        • by Bert64 ( 520050 )

          Yes, one of the benefits for linux was that it's rare for someone to claim to be a linux expert unless they actually are.
          But the downside, is that this makes it look like there are far less linux experts than windows experts.

          Once you filter out those idiots who are only claiming to be experts but really don't have a clue, the numbers even out a lot.

  • Hackers and crackers use linux. Honest and decent hackers should not turn on their own. You are suppozed to kilz the L@mErZ ya f3kin n00bz

    • by skids ( 119237 )

      Yeah when they say there are rootkits for Linux... of course... a rootkit is just an instrumented collection of net/exploit tools which are usually developed first under Linux since that's what hackers (of all hat colors) tend to prefer.

  • by renegade600 ( 204461 ) on Sunday September 13, 2020 @01:46PM (#60502310)

    in the meantime, Kaspersky has protection software they will sell you.

    • by Shimbo ( 100005 )

      in the meantime, Kaspersky has protection software they will sell you.

      Well yes, that's what antivirus vendors do. Doesn't mean most of the stuff they say, like enabling 2FA, isn't sensible.

  • by sjames ( 1099 ) on Sunday September 13, 2020 @02:09PM (#60502364) Homepage Journal

    Reading this, a question occurred to me, what would things look like if banks and vault makers faced the same lackluster police response to crime that OSes do. It's not that uncommon for bank robbers to get out of the bank with gobs of cash. What's uncommon is for them to keep getting away with it. Whether they rob another bank and get caught inside or they get hunted down wherever they're hiding, they tend to get caught sooner or later.

    This is clearly not how things go with cybercrime unless they try hacking a bank or an ATM.

    Yes, I realize it's harder to catch people when they don't have to commit their crimes in-person, but that doesn't negate the fact that all things banking related get more support against crime than IT.

    • And it's especially frustrating given that so many banks pay so little attention to security in the first place, particularly with authentication of customer logins.

    • by guruevi ( 827432 )

      I don't think you realize how much crime does not get pursued.

      You can literally rob a bank or (better yet) a jewelry store and unless you take hostages, you probably will not get caught, there may be a local investigation but unless you're really stupid, they won't find you. Hell, you can get arrested looting stores and a Biden campaign staffer that will have paid your bail.

      Once you start serializing your crimes and become more bolder and more dangerous and use the same patterns, will there be a more in dep

      • I've always thought that if one was going to rob a place, the place to rob would be a large grocery store. They deal with large amounts of cash and have very little security (or at least appear to) so the risk would be a lot less than trying to rob a harder target like a jewellery store or a bank, and the cash haul would probably be higher too.

        • by guruevi ( 827432 )

          They also deal with large amounts of people that could potentially help identify and recognize you and have a great amount of traffic and long distances between the cash and any getaway vehicle that makes escape a lot harder and slower.

          Most grocery stores also empty their cash drawers often precisely to avoid this situation (and sticky fingers), most cashiers have less than $500 on hand at any time and these days automated systems will even alert store security if they need to preemptively empty the registe

      • by sjames ( 1099 )

        Compare to the crypto-extortion rings that repeat the same MO for years, even using tools liberated from the NSA.

  • The modern world has stepped forward a lot, now everything can be done on the Internet without leaving home. On the one hand, this is good and very convenient, but on the other hand, it is a breeding ground for scammers' fantasies. Unfortunately, I have been caught on their provocations more than once and now I am very careful. Be sure to read the article https://kalilinuxtutorials.com... [kalilinuxtutorials.com], which describes this topic in an interesting way. We all understand that in the era of modern technology, when almost a
  • remember GNU ? (Score:4, Insightful)

    by hebertrich ( 472331 ) on Sunday September 13, 2020 @03:05PM (#60502472)

    Linux is a kernel .. not an ecosystem, Spread FUD about the kernel all you like by calling the whole shoebang Linux but that aint it. GNU/Linux anyone ?
    Kaspersky has been spreading FUD about Linux for almost two decades. Don't blame us for chuckling when , again, they are trying to scare people away from the platform. Somehow .. disinformation profits Windows and Mac so .. follow the moneytrail and wonder who is paying Kaspersky to make statements like these ?
    Guesses ? anyone ?

    If people run windows apps that are insecure wherever it's running on windows or macos or linux .. it will still be insecure.
    crappy software that look like swiss cheese will still be crappy software that look like swiss cheese.

    So don't blame GNU/Linux .. blame the software that idiots run onto it and blame the idiots that run such software on networks that are supposed to be secure.
    If you need security on your network and introduce software that can't pass an audit , software with known vulns , dont blame anyone if you're screwed.

    This is so idiotic at times that it makes me mad to hear anyone blame GNU/Linux when they themselves introduce the vulns that will screw them.

    • Re:remember GNU ? (Score:4, Informative)

      by bill_mcgonigle ( 4333 ) * on Sunday September 13, 2020 @04:42PM (#60502700) Homepage Journal

      > GNU/Linux anyone ?

      Stop trying to make GNU/Linux happen.

      It's obnoxious to the authors of all the standard system software that everybody expects to be there that's not a GNU project or under the GPL.

      The lInux desktop experience is a collaborative effort - among its contributors are GNU and Linus's team but there are so many other important ones who deserve recognition as well.

      • by tlhIngan ( 30335 )

        Stop trying to make GNU/Linux happen.

        It's obnoxious to the authors of all the standard system software that everybody expects to be there that's not a GNU project or under the GPL.

        While I'd agree, I'd also say there's plenty of Linux systems out there that's not GNU. Or even "standard" as you'd be familiar with.

        After all, Android is pretty much NOT a GNU system. Sure you have some GNU-like utilities at the command line, but at the application level, it's not GNU at all. It's not even POSIX.

        Sure you have som

    • There is nothing magic about GNU/Linux that makes it invulnerable to attack. The problem for Windows is usually the lazy and ignorant users. Linux users tend to be aware of security issues, and Linux distributions discourage bad security practices. These precautions would be too irritating or difficult for the average Windows user, so I guess Windows systems tend to have weak security.

      However, as Linux works its way into mainstream desktop uses, it will fall into the hands of the less savvy users, who are m

  • This should be no surprise given recent trends in the major Linux distributions and Linus' emphasis on features over security. Of the primary trends weakening Linux security 1) systemd and 2) Ubuntu 20 snap are the most significant. Containers are #3. While Docker images aren't handicapped by systemd most have their own security issues. Even nominally secure Docker images have problems with "container-ops" failure to patch, monitor and otherwise treat container security as something that can be achieved
  • Looking on the bright side, this piece of news does support the idea that there year of the Linux desktop is finally upon us. As if 2020 accepted the challenge that it wouldn't possibly get any weirder...
  • Kaspersky Lab a Russian company wants to have their proprietary security products loaded on Linux servers in the US to enhance security.
    Is anyone taking this seriously? It is a joke. Todays guidence is to remove their products where ever installed on US servers.
    Install their products and you won't have to worry about being hacked. You already left the barn door open and the cows are gone.
  • After all these years I'm getting tired of the complexity creep in Linux.
    When we say Linux, we don't just mean the kernel,
    it's the whole ecosystem and it's getting bloated.
    Hello OpenBSD.
    Much stronger security, much easier configuration.
    Smaller, more straightforward.

  • What a total non-story. Unless these “tools” can get on your computer without user action such as downloading and installing compromised software, then the story is entirely specious.
  • So long as that code is GPL-compliant, go for it! The malware might even get forked and improved. It'd be nice if they add a runtime option for C&C as well, that way you can point it to your favorite one, kind of like a Facebook like!

Every cloud has a silver lining; you should have sold it, and bought titanium.

Working...