Up close and personal with Linux malware

For discussions about security.
labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

#1 Post by labbe5 »

https://www.welivesecurity.com/2020/02/ ... ux-malware

Chances are that the very word ‘Linux’ conjures up images of near-impenetrable security. However, Linux-based computer systems and applications running on them increasingly end up in the crosshairs of bad actors, and recent years have seen discoveries of a number of malicious campaigns that hit Linux systems, including botnets that were made up of thousands of Linux servers. These mounting threats have challenged the conventional thinking that Linux is more or less spared the problems that affect other operating systems, particularly Windows.

The Linux malware threat landscape for 2020 is pretty similar to what we’ve seen over the last few years. We know that Ebury, the OpenSSH backdoor used in Operation Windigo, is still being updated and used in the wild in 2020. New samples were seen over the last month. A few years ago, there was also a spike in Linux malware targeting routers and other Linux-based peripherals – for example, Mirai and all its variants, and Moose. We hear less about these threats lately and I hope it’s because internet service providers (ISPs) and vendors have done a better job of securing these devices and are avoiding exposing remote administration access with default passwords.

A lot of people think of Linux as an operating system with superior security compared to all the others. In 2020, I don’t think this is something that we can assert. Both Microsoft and Apple have put lots of effort into securing their platforms. For example, embedded code signatures in executable files and enforcing valid signatures for key system and device driver functionality is something that’s been available on Windows and macOS for years, while on Linux, it still is not widespread. I’m not saying Linux is insecure, but rather, like the other platforms, it has its strengths and weaknesses and certainly should not be considered bulletproof.
