Linux systems are no longer considered impregnable and are now being actively targeted by cybercriminals. Over the last few years it has become seemingly easy to launch attacks on Linux-based workstations and servers, ranging from web shells, backdoors and rootkits to custom-made exploits.
Researchers have pointed out that several threat actors and their affiliates have started targeting Linux machines with fileless malware installation techniques that were previously more common against Windows-based systems. TeamTNT has been at the forefront, using the new Ezuri loader to decrypt a final malware payload and execute it directly from memory, without the decrypted payload ever being written to disk. Because a file-based scanner never sees that payload, detection has to rely on inspecting running processes and memory rather than on-disk signatures.
According to various researchers, Linux is becoming an increasingly popular target for ransomware operators because of its use across critical servers and devices. A recently discovered variant of the RansomEXX ransomware, built specifically to target Linux systems, has been leading the charge against the operating system. On deployment, the variant generates a 256-bit key and uses it to encrypt the files on the targeted system.
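One practical check for the fileless execution described above, as an added example that is not part of the eScan post or of the Ezuri research: on Linux, a loader that runs a payload "from memory" usually does so by creating an anonymous file with memfd_create() and executing it, which leaves the process's /proc/<pid>/exe link pointing at a "/memfd:..." target instead of a path on a mounted filesystem. That mechanism is an assumption here, not something the post states. The script walks procfs and reports processes whose executable is memfd-backed, and also those whose executable was unlinked after exec (the "(deleted)" suffix), since a loader that drops, runs and deletes a temporary file leaves the same trace. The proc_root parameter exists so the function can be pointed at a constructed fake procfs tree for testing.

```python
"""Report processes whose executable is memory-backed or no longer on disk.

Added example, not code from eScan or from the Ezuri research.
Assumption: an in-memory loader creates the payload with memfd_create()
and executes it, so /proc/<pid>/exe resolves to "/memfd:<name> (deleted)"
rather than a real path. Run as root to see every process; unprivileged
runs silently skip processes whose exe link cannot be read.
"""
import os
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional

MEMFD_RE = re.compile(r"^/memfd:")   # the kernel names memfd files "/memfd:<name>"
DELETED_SUFFIX = " (deleted)"        # appended by procfs once the inode is unlinked


@dataclass
class Finding:
    pid: int
    exe_target: str
    reason: str
    cmdline: str


def _read_cmdline(proc_dir: str) -> str:
    """Return the NUL-separated cmdline as a space-joined string ("" on error)."""
    try:
        with open(os.path.join(proc_dir, "cmdline"), "rb") as fh:
            return fh.read().replace(b"\x00", b" ").decode("utf-8", "replace").strip()
    except OSError:
        return ""


def iter_pids(proc_root: str) -> Iterator[int]:
    """Yield the numeric directory entries of proc_root (the PIDs)."""
    for entry in os.listdir(proc_root):
        if entry.isdigit():
            yield int(entry)


def classify_exe(target: str) -> Optional[str]:
    """Return a reason string if an exe link target looks memory-backed or
    unlinked, else None. memfd targets are checked first because they also
    carry the "(deleted)" suffix."""
    if MEMFD_RE.match(target):
        return "executable backed by memfd (fileless execution)"
    if target.endswith(DELETED_SUFFIX):
        return "executable unlinked from disk after exec"
    return None


def find_memory_backed_processes(proc_root: str = "/proc") -> List[Finding]:
    """Scan proc_root and collect processes whose exe link is suspicious."""
    findings: List[Finding] = []
    for pid in iter_pids(proc_root):
        proc_dir = os.path.join(proc_root, str(pid))
        try:
            target = os.readlink(os.path.join(proc_dir, "exe"))
        except OSError:
            continue  # kernel thread, process already gone, or no permission
        reason = classify_exe(target)
        if reason:
            findings.append(Finding(pid, target, reason, _read_cmdline(proc_dir)))
    return findings


if __name__ == "__main__":
    for f in find_memory_backed_processes():
        print(f"pid {f.pid}: {f.reason}: exe -> {f.exe_target!r} cmdline={f.cmdline!r}")
```

The check is a triage aid, not proof of compromise: some legitimate software (container runtimes, JIT engines, package upgrades that replace a running binary) also produces memfd-backed or deleted executables, so each finding should be correlated with the command line, parent process and network activity before acting on it.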
More Information –
- A new cryptomining botnet, called PGMiner, was recently discovered by researchers targeting Linux-based servers running PostgreSQL databases.
- The botnet was used to illegally mine the Monero cryptocurrency on compromised systems.
- Several other Linux-based botnets were also observed last year, such as a Linux variant of the Stantinko botnet and InterPlanetary Storm, which attempted to mine cryptocurrencies and deliver further malware.
With attacks originating from sophisticated threat actors, Linux systems are seeing a noticeable increase in cyberattacks; examples of APT groups with Linux tooling include Barium, Sofacy, Lamberts, Turla, and Equation. Researchers have noted that as these groups enhance their APT toolsets, they gain more ability to penetrate such systems. Preventing these attacks depends on how organizations implement threat-intelligence-based proactive security measures to protect their servers and workstations.
To read more, please check eScan Blog