According to Kaspersky Lab, a growing number of hacker groups are carrying out targeted attacks on Linux devices using purpose-built tools. The researchers write that over the past eight years, more than ten advanced hacking groups have conducted such operations, including Barium, Sofacy, Lamberts, Equation, and TwoSail Junk with the LightSpy and WellMess malware.
Malicious tools targeting Linux systems let attackers make their campaigns more effective and infect more devices, and also help them stay hidden: even if an attack is detected, they retain footholds at additional points such as developer desktops, servers, and corporate IoT devices.
Companies around the world, as well as government agencies, are increasingly using Linux, according to the study. This is due to the proliferation of virtualization and containerization technologies. In addition, in some organizations, Linux is the dominant desktop environment when it comes to dealing with sensitive data.
According to the experts, the common myth that this operating system is not susceptible to cyber threats creates a false sense of security. Targeted attacks on Linux systems are admittedly not very common so far, but every major hacking group already creates Linux-specific malware such as web shells, backdoors, rootkits, and even customized exploits.
Such attacks, despite their small number or, conversely, because of it, are very successful and difficult to detect. As a result, attackers not only gain access to the infected device but also the ability to move on to other devices running Windows and macOS, which opens up wide opportunities for them.
For example, Kaspersky Lab experts recently described the MATA multi-platform framework. In addition, in June 2020, researchers analyzed several Linux malware samples used by the Lazarus group in Operation AppleJeus and TangoDaiwbo, which were carried out for cyber espionage and financial theft.
“We have seen many times how the toolkits used to carry out sophisticated attacks improve, and malware for Linux devices is no exception. Today, IT and information security departments use this operating system more often than before to reduce costs and create a highly scalable infrastructure. Attackers, on the other hand, create sophisticated malicious tools for Linux, because it is often on such machines that the data most interesting to attackers is processed. We recommend that information security experts take this into account and implement additional measures to protect servers and workstations,” says Yuri Namestnikov, head of the Russian research center at Kaspersky Lab.