• Latest
  • Trending
Linux-based Malware Requires Linux Focused Cybersecurity

Linux-based Malware Requires Linux Focused Cybersecurity

December 8, 2021
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022
Fibre optic interconnection linking Cameroon and Congo now operational

Fibre optic interconnection linking Cameroon and Congo now operational

July 15, 2022
Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

July 15, 2022
Airtel Africa Purchases $42M Worth of Additional Spectrum

Airtel Africa Purchases $42M Worth of Additional Spectrum

July 15, 2022
Huawei steps up drive for Kenyan talent

Huawei steps up drive for Kenyan talent

July 15, 2022
TSMC predicts Q3 revenue boost thanks to increased iPhone 13 demand

TSMC predicts Q3 revenue boost thanks to increased iPhone 13 demand

July 15, 2022
Facebook to allow up to five profiles tied to one account

Facebook to allow up to five profiles tied to one account

July 15, 2022
Top 10 apps built and managed in Ghana

Top 10 apps built and managed in Ghana

July 15, 2022
MTN Group to Host the 2nd Edition of the MoMo API Hackathon

MTN Group to Host the 2nd Edition of the MoMo API Hackathon

July 15, 2022
KIOXIA Introduce JEDEC XFM Removable Storage with PCIe/NVMe Spec

KIOXIA Introduce JEDEC XFM Removable Storage with PCIe/NVMe Spec

July 15, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Monday, 30 January, 2023
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Linux-based Malware Requires Linux Focused Cybersecurity

by ITECHNEWS
December 8, 2021
in Opinion
0 0
0
Linux-based Malware Requires Linux Focused Cybersecurity

Linux is a pervasive operating system for good reason. It’s lightweight, flexible, open source, and supports multiple architectures, all of which present great opportunity to innovate and deliver software and services.

In the device world, Linux is ideal for IoT because there’s no heavy GUI. It can be optimized for hardware-level workloads, and the licensing makes it easy for redistribution. Plus, the extensive open source community may have already coded something that suits the needs of a device maker and that can be plugged right in.

YOU MAY ALSO LIKE

Making Biometrics Work: 3 Ways To Jumpstart the Process

How to prevent cyberbullying: Keeping students safe

The same benefits apply when considering Linux for the cloud. As of 2017, Linux was running 90% of public cloud workloads.

But while Linux itself may be more secure than other operating systems, no OS is really secure on its own. Vulnerabilities are a fact of life, whether it’s an actual software vulnerability, an implementation flaw or otherwise. Indeed, we’ve seen increased interest by cyber-criminals in attacking Linux over recent months and years.

Because of its flexible, open source nature, Linux offers some of the same conveniences for attackers as it does for legitimate developers and service providers.

Yes, one could use customizable malware targeting Linux to infect cloud workloads, databases, and endpoints like mobile devices, connected cameras, cars, and heavy equipment. For Linux, however, you actually don’t really need malware. The Linux shell provides nearly everything an attacker would need from malware anyway. A well-written Linux script is as powerful as any malware, and much easier to obfuscate.

As of 2017, Linux was running 90% of public cloud workloads

If a sophisticated attacker wanted to thoroughly infiltrate a target organization, a potential attack could be designed like this:

  • Use a point of entry (possibly through an unsecured mobile device) to scan the network and find what Linux-based systems are running
  • Customize a Linux script to integrate with each implementation used by critical systems. This could be done by adjusting the script to target the commands and structure of each or buying actual malware variants for each target
  • Run the script to infect each system to encrypt and ransom data, or exfiltrate data to sell as PII or for industrial espionage

With this type of attack, a criminal can simultaneously target and infect all types of critical systems across a corporate environment. A pervasive, laterally moving attack could happen with separate tools for each target by using a shell script slightly modified to infect each system at the OS level.

Think about the criticality of business data stored in cloud workloads and databases. According to a Forrester study in 2019, businesses are expected to spend $12.6 billion on cloud security tools by 2023 to protect this critical data.

Cloud computing is used by consumers and businesses in all industries and in organizations of all sizes, representing a broad attack surface. Most cloud services are built in a secure manner, but the Shared Responsibility Model of cloud services means that the cloud provider and the customer both have responsibilities for securing the environment and the data within. Misconfigurations or errors can leave organizations and their users exposed. 

Businesses are expected to spend $12.6 billion on cloud security tools by 2023

Forrester

It is well-known that IoT devices are fallible. Across all use cases and device types, connected devices with embedded Linux-based systems provide a viable target for exploitation, and we know cyber-criminals are exploring how to monetize IoT attacks. As an industry, we spend so much time protecting an employee’s laptop because an attacker could use the endpoint to traverse the network into critical systems running Linux.

After COVID-19, remote working is likely here to stay for many companies globally. This means even more work running in the cloud, and more people buying smart IoT devices to stay connected at home. The risk from attacks on this OS are only increasing. Just about everyone is, or will be, exposed in some way to Linux.

All of this begs the question: How is there so little focus on protecting Linux-based systems when there’s so much opportunity for attackers? The cloud and IoT markets will continue to grow, and criminal interest is likely to follow. With Linux as the common thread, how could we not see an increase in Linux-based malware in the near future?

The solution to this is something every organization needs to be thinking about as part of their overall security strategy. All organizations should work to protect the single common thread across mission critical systems and platforms: Linux. 

Erin Sindelar Threat Researcher & Communicator, Trend Micro

ShareTweetShare
Plugin Install : Subscribe Push Notification need OneSignal plugin to be installed.

Search

No Result
View All Result

Recent News

Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022

Recent News

  • Inaugural AfCFTA Conference on Women and Youth in Trade September 6, 2022
  • Instagram fined €405m over children’s data privacy September 6, 2022
  • 5.7bn data entries found exposed on Chinese VPN August 18, 2022
  • Fibre optic interconnection linking Cameroon and Congo now operational July 15, 2022
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Go to mobile version