• Latest
  • Trending
Linux-based Malware Requires Linux Focused Cybersecurity

Linux-based Malware Requires Linux Focused Cybersecurity

December 8, 2021
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Friday, 9 June, 2023
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Linux-based Malware Requires Linux Focused Cybersecurity

by ITECHNEWS
December 8, 2021
in Opinion
0 0
0
Linux-based Malware Requires Linux Focused Cybersecurity

Linux is a pervasive operating system for good reason. It’s lightweight, flexible, open source, and supports multiple architectures, all of which present great opportunity to innovate and deliver software and services.

In the device world, Linux is ideal for IoT because there’s no heavy GUI. It can be optimized for hardware-level workloads, and the licensing makes it easy for redistribution. Plus, the extensive open source community may have already coded something that suits the needs of a device maker and that can be plugged right in.

YOU MAY ALSO LIKE

Making Biometrics Work: 3 Ways To Jumpstart the Process

How to prevent cyberbullying: Keeping students safe

The same benefits apply when considering Linux for the cloud. As of 2017, Linux was running 90% of public cloud workloads.

But while Linux itself may be more secure than other operating systems, no OS is really secure on its own. Vulnerabilities are a fact of life, whether it’s an actual software vulnerability, an implementation flaw or otherwise. Indeed, we’ve seen increased interest by cyber-criminals in attacking Linux over recent months and years.

Because of its flexible, open source nature, Linux offers some of the same conveniences for attackers as it does for legitimate developers and service providers.

Yes, one could use customizable malware targeting Linux to infect cloud workloads, databases, and endpoints like mobile devices, connected cameras, cars, and heavy equipment. For Linux, however, you actually don’t really need malware. The Linux shell provides nearly everything an attacker would need from malware anyway. A well-written Linux script is as powerful as any malware, and much easier to obfuscate.

As of 2017, Linux was running 90% of public cloud workloads

If a sophisticated attacker wanted to thoroughly infiltrate a target organization, a potential attack could be designed like this:

  • Use a point of entry (possibly through an unsecured mobile device) to scan the network and find what Linux-based systems are running
  • Customize a Linux script to integrate with each implementation used by critical systems. This could be done by adjusting the script to target the commands and structure of each or buying actual malware variants for each target
  • Run the script to infect each system to encrypt and ransom data, or exfiltrate data to sell as PII or for industrial espionage

With this type of attack, a criminal can simultaneously target and infect all types of critical systems across a corporate environment. A pervasive, laterally moving attack could happen with separate tools for each target by using a shell script slightly modified to infect each system at the OS level.

Think about the criticality of business data stored in cloud workloads and databases. According to a Forrester study in 2019, businesses are expected to spend $12.6 billion on cloud security tools by 2023 to protect this critical data.

Cloud computing is used by consumers and businesses in all industries and in organizations of all sizes, representing a broad attack surface. Most cloud services are built in a secure manner, but the Shared Responsibility Model of cloud services means that the cloud provider and the customer both have responsibilities for securing the environment and the data within. Misconfigurations or errors can leave organizations and their users exposed. 

Businesses are expected to spend $12.6 billion on cloud security tools by 2023

Forrester

It is well-known that IoT devices are fallible. Across all use cases and device types, connected devices with embedded Linux-based systems provide a viable target for exploitation, and we know cyber-criminals are exploring how to monetize IoT attacks. As an industry, we spend so much time protecting an employee’s laptop because an attacker could use the endpoint to traverse the network into critical systems running Linux.

After COVID-19, remote working is likely here to stay for many companies globally. This means even more work running in the cloud, and more people buying smart IoT devices to stay connected at home. The risk from attacks on this OS are only increasing. Just about everyone is, or will be, exposed in some way to Linux.

All of this begs the question: How is there so little focus on protecting Linux-based systems when there’s so much opportunity for attackers? The cloud and IoT markets will continue to grow, and criminal interest is likely to follow. With Linux as the common thread, how could we not see an increase in Linux-based malware in the near future?

The solution to this is something every organization needs to be thinking about as part of their overall security strategy. All organizations should work to protect the single common thread across mission critical systems and platforms: Linux. 

Erin Sindelar Threat Researcher & Communicator, Trend Micro

ShareTweetShare
Plugin Install : Subscribe Push Notification need OneSignal plugin to be installed.

Search

No Result
View All Result

Recent News

ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023

Recent News

  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Co-Creation Hub’s edtech accelerator puts $15M towards African startups February 20, 2023
  • Data Leak Hits Thousands of NHS Workers February 20, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Go to mobile version