Kaspersky Warns Intruders are Targeting Linux Workstations and Servers

Researchers at Kaspersky "have warned that sophisticated hackers and crooks are increasingly targeting Linux-based devices — using tools specifically designed to exploit vulnerabilities in the platform," reports TechRepublic: While Windows tends to be more frequently targeted in mass malware attacks, this is not always the case when it comes to advanced persistent threats (APTs), in which an intruder — often a nation-state or state-sponsored group — establishes a long-term presence on a network. According to Kaspersky, these attackers are increasingly diversifying their arsenals to contain Linux tools, giving them a broader reach over the systems they can target.

Many organisations choose Linux for strategically important servers and systems, and with a "significant trend" towards using Linux as a desktop environment by big business as well as government bodies, attackers are in turn developing more malware for the platform... According to Kaspersky, over a dozen APT actors have been observed to use Linux malware or some Linux-based modules. Most recently, this has included the LightSpy and WellMess malware campaigns, both of which targeted both Windows and Linux devices. The LightSpy malware was also found to be capable of targeting iOS and Mac devices.

While targeted attacks on Linux-based systems are still uncommon, a suite of webshells, backdoors, rootkits and custom-made exploits are readily available to those that seek to use them. Kaspersky also suggested that the small number of recorded attacks was not representative of the danger they posed, pointing out that the compromise of a single Linux server "often leads to significant consequences", as the malware travelled through the network to endpoints running Windows or macOS, "thus providing wider access for attackers which might go unnoticed".

He comes the Wolf! - cried the boy

[franzrogar]

So... resuming: the supposed danger does basically nothing in Linux and the REAL issue is that they use it to attack Windows and iOS attached to it...

WOW!

Re:He comes the Wolf! - cried the boy

[Waffle Iron]

Correct. Because Linux is not used to do any of the important work, only as server or routing functions. All important applications and data and the mission-critical information resides on Windows machines.

This is purely Linux's fault. Linux still refuses to add support to run the Excel macros which are responsible for processing almost all of today's enterprise data.

Wow....

[arfonrg]

1) "Linux still refuses to add support to run the Excel macros" - 'Linux' doesn't add any user features, userland is for users to support.

2) ZERO enterprise operations use Excel for ANY enterprise data. Excel is NOT a database. It's a crappy user data tool. Enterprise operation mostly use Oracle ((and Oracle DOES support Linux).

Re:

[Alumoi]

Whoosh!

Re:

[HiThere]

Well, 1) was correct, though a bit of a "Whoosh!", however 2) is wrong. You should have said "ZERO enterprise operations should use Excel for ANY enterprise data.". Unfortunately, those decisions are often made by people who don't/won't understand why Excel is not a good choice. (I don't think Oracle's a good choice, either. Or at least not usually.)

Re:

[Cmdln Daco]

These decisions are made by people who actually create, manipulate, and use data. Not the IT custodians who maintain the equipment.

We will never go back to the days when the IT wizards were in charge of data processing and mere mortalsvhad to wait for their printout at the half door to the room containing the mainframe they were never allowed to touch. Every employee has data processing power now.

Re:

[raymorris]

The post you replied to is +4 Funny.

Because managers use Excel for all kinds of crap that really, really should be in a proper database. But, as Windows users, they only know how to click the mouse button - THE button, that other button on the right confuses them. So "select email from customers" is WAY too complicated for them.

Re:

[SkonkersBeDonkers]

Remember MS Access, it was another where executive types would themselves or have totally unqualified clerical staff create what would eventually become mission critical systems that would of course also eventually blow up and cause a major crisis.

My tongue in cheek rule of thumb used to be: if you think you need Excel then you really need Access and if you think you need Access then you really need a team of professional developers.

Re:

[Rick Schumann]

True story: somewhere I used to work had a PLL bandwidth measuring instrument that cost at least 5 digits if not 6. The 'application' to analyze and present the test data from the instrument was an Excel spreadsheet running Visual Basic code embedded in it. This was something created by engineers at Agilent, mind you.

Re:

[Cmdln Daco]

Why not? Tektronix made some really nice oscilloscopes at one point that ran Windows 98.

As long as it's an embedded system, its no different than a company that chooses QNX or embedded OS/2.

Re:

[Rick Schumann]

I don't think I explained it properly: you had to have Excel on a host computer to run their Visual Basic embedded spreadsheet to crunch the data from the instrument. It was ridiculous. Half the time it wouldn't work.

Re:

[nightflameauto]

When I worked at Gateway the had the entire service department "database" running on Access. I can still hear the manager yelling, "DATABASE IS DOWN! EVERYBODY OUT!" because he had to say it at least three times a day while the IT department unlocked the write access because too many people were in it at a time.

You'd think a computer company would have had more intelligence than that, but that's where they landed.

Re:

[Rick Schumann]

You have to remember: if you consider all computer end-users all over the world of all ages and demographics, then 99+% of them are in the 'monkey button-pusher' category; they have no idea how the computer they're using works, it may as well be magic so far as it concerns them, and when it breaks they're utterly helpless and have to call someone or pay someone to fix it for them, even if it's something you and I would need less than a minute to take care of. They're the same people who used to have (or sti

Re:

[NormalVisual]

and who just click 'reply all' on an email despite being told 1,000,000 times not to do it.

We had that happen at work a few weeks back, on an 11,000-member mailing list - hilarity ensued (unless you were IT or the list manager). However, what's even worse are the folks that will "reply all" to tell everyone else not to do that.

Re:

[Cmdln Daco]

then 99+% of them are in the 'monkey button-pusher' category;

Does that include you? How does the DMA controller in your computer function? What interrupts does it issue? How many wait states does you processor need to insert when it fetches from dynamic RAM?

Chop-chop now. We need answers to the above.

If you don't understand the function of the equipmen all the way up from the reset vector, (and I mean also the reset vector in the embedded controller that controls the motor speed of your hard drive) then you are just a button pressing monkey, too.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[eneville]

and Oracle DOES support Linux)

Yes, if you pay for that https://www.oracle.com/linux/s... [oracle.com].

Re:

[Shades72]

As far as I know, you are allowed to download and use Oracle Linux for free.

Had to use that (v7.something) a year, maybe 2 back for an Oracle database performance test. That experience was actually quite good.

It is the reason I now run Linux permanently on my laptop (not yet on my desktop). Anyway, your link seems to go to a page where you can buy support from Oracle for their cloud-based solution.

And as you make use of their hard- and software, it seems fair that they charge you money for the privilege.

Hav

Re:

[eneville]

I'm not suggestion that anyone should want to pay oracle for support. I'm just pointing out that they do in fact support Oracle Enterprise Linux, which is pretty much CentOS with a more recent kernel.

Also, they charged less than RH for Oracle Enterprise Linux support last time I checked.

I don't think I've ever logged a ticket with either for Linux help so can't comment on value for money there.

Re:

[Rick Schumann]

Somebody doesn't get sarcasm; can you guess who that is?

Re:

[shanen]

Skin has nothing to do with it. Trolls with mod points make you a troll.

Don't hold your breath waiting for better moderation, eh?

Re:

[stabiesoft]

Might be a good thing. https://www.wired.com/story/mi... [wired.com] Seems like using those macros as an attack vector is a thing. I googled excel spreadsheet macros exploits and got the above as just one of many many many results. And the results are not 10 years old. They are current.

Re:

[OpinOnion]

The problem with Linux is that anybody with money can easily infiltrate the developer network and there isn't enough money in open source to actually audit massive amounts of code enough, which was kind of part of the promise of it's benefit. SURE, the code is there to look at, but as your develop an OS that's millions of lines of code interacting with each other the ONLY way to keep it secure is to constantly audit the code and there isn't even enough money in the private sector to get that done. We've s

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[theshowmecanuck]

Interesting point. How do you know countries or criminal organizations haven't bribed or blackmailed developers who work for proprietary companies? If they have lots of money, they can pay for people wherever they want. So your argument is kind of moot.

Re:

[rtb61]

Dude who the fuck looks at the code, you simply compare it to an earlier safe version and check all the code that changed, not the rest of it. You do not reinvent the wheel over and over again.

What Kaspersky wants to do is work on the offensive side of defence. You can not have a good defence without a good offence. That means designing honey pot specfic software that runs attackable virtual machines on a network to draw in attacks and once at attack is registered, depending upon type, the authorities can i

Re:

[markdavis]

>"Correct. Because Linux is not used to do any of the important work, only as server or routing functions. All important applications and data and the mission-critical information resides on Windows machines."

There are problems with making such broad-sweeping and absolute statements. You need a tour of where I work. Almost 100% Linux- servers, hundreds of workstations, routers, storage, firewalls, carts, phone system, WiFi access points, HVAC, door monitoring system, paging system, even the electronic

Re:

[WierdUncle]

At my place of work, most engineers and software developers run Linux. Windows is for the sales and admin people. We migrated our specialist access control software from Windows to Linux years ago, so our customers are running Linux too.

In fact, I am not sure where things stand with sales and admin computers at work. Maybe much of that has moved to Linux now. Our sales people are not exactly nerdy, but certainly intelligent and practical.

This Linux on the desktop thing kind of creeps up on you. There is no

Re:

[whitroth]

ROTFLMAO!!!

That's the stupidest and most ignorant line I've seen yet today.

Let's see, well over half of the entire Internet runs on Linux.
You don't think google or Amazon run Windows on their servers, or for searching, do you?

You do?

ROTFLMAOKMFITA!!!!!!!!!!!!

Significant trend towards desktop

[ssufficool]

Significant... You keep using that word. I do not think it means what you think it means.

Since 2001

[Insanity Defense]

Kaspersky has been forecasting a coming Tsunami of linux viruses since 2001. So I doubt anything they say on the topic as their predictions on this topic have been uniformly failures.

Re:

[phantomfive]

It's hard for viruses to spread if everything is compiled by a trusted source. It's hard for worms to spread if you have a good firewall.

Re:

[OpinOnion]

Compiling doesn't mean there won't be stuff planted in the code. The code has to be audited by people who aren't just the development team and most projects don't have the resources to keep that up. Low budget open source projects have even less money to audit the code and that's the real problem. Mission critical code has to be audited on a regular basis, especially when updated. Most development teams to practice secure enough principles in writing and sharing code. It can't be that hard to get a state a

Re:

[phantomfive]

Compiling doesn't mean there won't be stuff planted in the code.

It means it won't spread the way a normal virus spreads, by executables attaching pieces of themselves to executables.

Re:Since 2001 ;)

[Insanity Defense]

It's hard for viruses to spread if everything is compiled by a trusted source.

Guess that explains Windows viruses, it's compiled by Microsoft, hardly a trusted source.

Re:Since 2001

[Anne Thwacks]

Researchers at Kaspersky

I think they meant salesmen at Kaspersky.

Re:

[h33t l4x0r]

I'm old enough to remember when anti-virus vendors were considered legit professionals and not a bunch of drug addicts and pedophiles.

Re:

[onyxruby]

I do believe Android is based on Linux.

https://www.unixmen.com/why-is... [unixmen.com]

I'm also quite certain that Android is quite vulnerable to malware.

https://www.hellotech.com/blog... [hellotech.com]

Linux is a operating system. It's a tool like any other and getting religious about it is foolish. Where it has become widely adopted by the masses it has had just as many virus / malware issues as any other operating system. Human nature doesn't change just because the operating system does.

Yes, Linux can be fairly secure. As can Windows

I hate to be ANL (Android is Not Linux)

[OrangeTide]

Would you consider the user space of Android, with Java/ART and bionic to be GNU/Linux, LSB [linuxfoundation.org] or even SuS [unix.org]?

Linux is technically just a kernel, and the operating system you put on top of it is composed of several open source projects. We imply more than just a kernel we we casually throw around the name "Linux", and that's an acceptable short hand if we agree on what it means. We're starting to talk about different things when glibc and bash and the typical layout of /etc /bin /usr and /tmp is taken out of the

Re:

[onyxruby]

You have an interesting point, one where you are technically correct - the best kind. Practically speaking you are effectively wrong for the simple reason that the masses use the common set of packages. They certainly think of those packages as part of the OS, even though they are technically not part of the OS.

Think of it as being much akin to Windows core OS or server core OS. In theory you can use either one, in practice you are highly unlikely to find either one used much in the wild (I have seen a litt

No shit?

[drinkypoo]

sophisticated hackers and crooks are increasingly targeting Linux-based devices â" using tools specifically designed to exploit vulnerabilities in the platform,",

Really? They're not using tools designed to exploit vulnerabilities in your mom?

Re:

[fahrbot-bot]

sophisticated hackers and crooks are increasingly targeting Linux-based devices â" using tools specifically designed to exploit vulnerabilities in the platform,",

Really? They're not using tools designed to exploit vulnerabilities in your mom?

Don't know about them, but my mom runs NetBSD -- I think Cylons do too [informit.com].

Re:

[ebvwfbw]

sophisticated hackers and crooks are increasingly targeting Linux-based devices â" using tools specifically designed to exploit vulnerabilities in the platform,",

Really? They're not using tools designed to exploit vulnerabilities in your mom?

Don't know about them, but my mom runs NetBSD -- I think Cylons do too [informit.com].

Netbsd? LOL. Play that song - like it's 1999.
Still lacks security controls Linux had almost 20 years ago like selinux. The mandatory access controls. Must mouth off like they did in 2007 and someone will port a bunch of hacks over to bsd again. It's painfully broken. Used to love BSD, 30 years ago. It's still great as a router.

Re:

[fahrbot-bot]

That's why they are criminals. They seek to steal information and/or money.

They could be politicians -- wait, just re-read your first sentence.

This will probably get even worse

[hyades1]

It's a sad fact that as Linux becomes more mainstream and increases its role as a foundation for various Microsoft and Apple applications, it will become a more attractive target for criminals. Unfortunately, just as that's happening, the supply of competent Linux people able to deal with their depredations will become diluted by a flood of job-seekers proudly brandishing "Leet Linux Skillz Wizard" certificates they earned in a three week night school course at the local community college.

Re:

[StormReaver]

Linux has been an attractive target for a VERY long time, as most anything of importance on the Internet has been protected by it. Being on the desktop doesn't make it suddenly appear on criminals' radars.

Re:

[MijoBijo]

Unfortunately, just as that's happening, the supply of competent Linux people able to deal with their depredations will become diluted by a flood of job-seekers proudly brandishing "Leet Linux Skillz Wizard" certificates they earned in a three week night school course at the local community college.

Why are you disparaging people trying to get into the field?

Re:

[hyades1]

Why do you ask...are you one of them?

Re:

[Bert64]

The flood of barely qualified people has been a windows problem for a long time, and availability of staff has long been an argument against linux, considering only availability rather than competence.

But Linux has long been an attractive target, and proprietary unix systems before that.

A lot of companies put critical systems on linux, but they still maintain a typical windows environment for their desktops... It doesn't matter how secure the linux systems are if you can compromise the sysadmin's windows de

Re:

[hyades1]

Excellent points. I've had contact with the Windows "experts" you mention. They rarely fail to disappoint.

Re:

[Bert64]

Yes, one of the benefits for linux was that it's rare for someone to claim to be a linux expert unless they actually are.
But the downside, is that this makes it look like there are far less linux experts than windows experts.

Once you filter out those idiots who are only claiming to be experts but really don't have a clue, the numbers even out a lot.

Bad Form Gentlemen

[Shaitan]

Hackers and crackers use linux. Honest and decent hackers should not turn on their own. You are suppozed to kilz the L@mErZ ya f3kin n00bz

Re:

[skids]

Yeah when they say there are rootkits for Linux... of course... a rootkit is just an instrumented collection of net/exploit tools which are usually developed first under Linux since that's what hackers (of all hat colors) tend to prefer.

Re:

[sound+vision]

I'd rather beat my Meete.

in the meantime

[renegade600]

in the meantime, Kaspersky has protection software they will sell you.

Re:

[Shimbo]

in the meantime, Kaspersky has protection software they will sell you.

Well yes, that's what antivirus vendors do. Doesn't mean most of the stuff they say, like enabling 2FA, isn't sensible.

Minor tangent

[sjames]

Reading this, a question occurred to me, what would things look like if banks and vault makers faced the same lackluster police response to crime that OSes do. It's not that uncommon for bank robbers to get out of the bank with gobs of cash. What's uncommon is for them to keep getting away with it. Whether they rob another bank and get caught inside or they get hunted down wherever they're hiding, they tend to get caught sooner or later.

This is clearly not how things go with cybercrime unless they try hacking a bank or an ATM.

Yes, I realize it's harder to catch people when they don't have to commit their crimes in-person, but that doesn't negate the fact that all things banking related get more support against crime than IT.

Re:

[NormalVisual]

And it's especially frustrating given that so many banks pay so little attention to security in the first place, particularly with authentication of customer logins.

Re:

[guruevi]

I don't think you realize how much crime does not get pursued.

You can literally rob a bank or (better yet) a jewelry store and unless you take hostages, you probably will not get caught, there may be a local investigation but unless you're really stupid, they won't find you. Hell, you can get arrested looting stores and a Biden campaign staffer that will have paid your bail.

Once you start serializing your crimes and become more bolder and more dangerous and use the same patterns, will there be a more in dep

Re:

[innocent_white_lamb]

I've always thought that if one was going to rob a place, the place to rob would be a large grocery store. They deal with large amounts of cash and have very little security (or at least appear to) so the risk would be a lot less than trying to rob a harder target like a jewellery store or a bank, and the cash haul would probably be higher too.

Re:

[guruevi]

They also deal with large amounts of people that could potentially help identify and recognize you and have a great amount of traffic and long distances between the cash and any getaway vehicle that makes escape a lot harder and slower.

Most grocery stores also empty their cash drawers often precisely to avoid this situation (and sticky fingers), most cashiers have less than $500 on hand at any time and these days automated systems will even alert store security if they need to preemptively empty the registe

Re:

[sjames]

Compare to the crypto-extortion rings that repeat the same MO for years, even using tools liberated from the NSA.

cyber crime

[Forrounce]

The modern world has stepped forward a lot, now everything can be done on the Internet without leaving home. On the one hand, this is good and very convenient, but on the other hand, it is a breeding ground for scammers' fantasies. Unfortunately, I have been caught on their provocations more than once and now I am very careful. Be sure to read the article https://kalilinuxtutorials.com... [kalilinuxtutorials.com], which describes this topic in an interesting way. We all understand that in the era of modern technology, when almost a

remember GNU ?

[hebertrich]

Linux is a kernel .. not an ecosystem, Spread FUD about the kernel all you like by calling the whole shoebang Linux but that aint it. GNU/Linux anyone ?
Kaspersky has been spreading FUD about Linux for almost two decades. Don't blame us for chuckling when , again, they are trying to scare people away from the platform. Somehow .. disinformation profits Windows and Mac so .. follow the moneytrail and wonder who is paying Kaspersky to make statements like these ?
Guesses ? anyone ?

If people run windows apps that are insecure wherever it's running on windows or macos or linux .. it will still be insecure.
crappy software that look like swiss cheese will still be crappy software that look like swiss cheese.

So don't blame GNU/Linux .. blame the software that idiots run onto it and blame the idiots that run such software on networks that are supposed to be secure.
If you need security on your network and introduce software that can't pass an audit , software with known vulns , dont blame anyone if you're screwed.

This is so idiotic at times that it makes me mad to hear anyone blame GNU/Linux when they themselves introduce the vulns that will screw them.

Re:remember GNU ?

[bill_mcgonigle]

> GNU/Linux anyone ?

Stop trying to make GNU/Linux happen.

It's obnoxious to the authors of all the standard system software that everybody expects to be there that's not a GNU project or under the GPL.

The lInux desktop experience is a collaborative effort - among its contributors are GNU and Linus's team but there are so many other important ones who deserve recognition as well.

Re:

[tlhIngan]

Stop trying to make GNU/Linux happen.

It's obnoxious to the authors of all the standard system software that everybody expects to be there that's not a GNU project or under the GPL.

While I'd agree, I'd also say there's plenty of Linux systems out there that's not GNU. Or even "standard" as you'd be familiar with.

After all, Android is pretty much NOT a GNU system. Sure you have some GNU-like utilities at the command line, but at the application level, it's not GNU at all. It's not even POSIX.

Sure you have som

Re:

[WierdUncle]

There is nothing magic about GNU/Linux that makes it invulnerable to attack. The problem for Windows is usually the lazy and ignorant users. Linux users tend to be aware of security issues, and Linux distributions discourage bad security practices. These precautions would be too irritating or difficult for the average Windows user, so I guess Windows systems tend to have weak security.

However, as Linux works its way into mainstream desktop uses, it will fall into the hands of the less savvy users, who are m

Correlated Linux Trends

[rrjj]

This should be no surprise given recent trends in the major Linux distributions and Linus' emphasis on features over security. Of the primary trends weakening Linux security 1) systemd and 2) Ubuntu 20 snap are the most significant. Containers are #3. While Docker images aren't handicapped by systemd most have their own security issues. Even nominally secure Docker images have problems with "container-ops" failure to patch, monitor and otherwise treat container security as something that can be achieved

Bright side

[aRTeeNLCH]

Looking on the bright side, this piece of news does support the idea that there year of the Linux desktop is finally upon us. As if 2020 accepted the challenge that it wouldn't possibly get any weirder...

With the election coming

[oldgraybeard]

Kaspersky Lab a Russian company wants to have their proprietary security products loaded on Linux servers in the US to enhance security.
Is anyone taking this seriously? It is a joke. Todays guidence is to remove their products where ever installed on US servers.
Install their products and you won't have to worry about being hacked. You already left the barn door open and the cows are gone.

Creepy Linux

[bigtreeman]

After all these years I'm getting tired of the complexity creep in Linux.
When we say Linux, we don't just mean the kernel,
it's the whole ecosystem and it's getting bloated.
Hello OpenBSD.
Much stronger security, much easier configuration.
Smaller, more straightforward.

Story contains no actual evidence of hacking

[minorityreport]

What a total non-story. Unless these “tools” can get on your computer without user action such as downloading and installing compromised software, then the story is entirely specious.

Comment

[WallyL]

So long as that code is GPL-compliant, go for it! The malware might even get forked and improved. It'd be nice if they add a runtime option for C&C as well, that way you can point it to your favorite one, kind of like a Facebook like!