Linux on the rise

Linux Malware on the Rise: A Look at Recent Threats

Over the past few years, anecdotal evidence has suggested that security threats to Linux devices are on the rise. Last fall’s Mirai botnet attacks, which turned thousands of Linux devices into a zombie army used to attack infrastructure via Distributed Denial of Service (DDoS), were particularly effective in waking up the Linux community.

Now, we’re seeing quantitative statistics to support the Linux malware trend. On the heels of a WikiLeaks release detailing the CIA’s OutlawCountry and Gyrfalcon hacking tools aimed at Linux, both AV-Test and WatchGuard have released reports claiming that Linux computers are among the fastest growing targets of malware over the past year and a half.

According to AV-Test, MacOS computers saw the largest increase in malware targeting in 2016 with a 370 percent increase, but Linux was close behind with a 300 percent rise from the previous year — triple the number in 2015. WatchGuard’s Internet Security Report, which instead focuses on Q1 2017, claims that Linux malware made up more than 36 percent of the top threats.

A decade ago, Linux was obscure outside the server world, but Tux lovers could at least console themselves with the security of their beloved OS compared to Windows. This helped reinforce the generally true, but somewhat counterintuitive, claim that by inviting anyone to bug check the code, you could build a more secure platform than with a proprietary OS.

A worthy target

The first crack in the Linux armor came in the Android world where many apps revealed themselves to be pestilent. It wasn’t just the app platform — and Android fragmentation — that fueled the increase, however, but Android’s popularity. In recent years, as more and more Linux-based routers, home automation gizmos, and other devices entered the relatively unprotected home scene, hackers have increasingly found Linux to be a worthy target.

The problem is not that Linux is unsafe compared to other platforms. The Linux kernel and other components are regularly updated to meet the latest threats, which are more easily identified thanks to the greater participation afforded by open source. Developers are continually improving system update and integrity protection mechanisms, and protecting against other emerging security threats.

Although more remains to be done, the main issue is that vendors release routers, consumer electronics, and IoT gear with outdated Linux kernels and either no or limited security protections on top of the Linux stack. IoT vendors rarely offer kernel updates, and if they do, there’s usually no over-the-air (OTA) mechanism. The user must be sufficiently motivated to find out about the update, and then download and install it. In addition, consumers tend to leave their devices unprotected by passwords or else use easily hacked passwords.

CIA’s OutlawCountry and Gyrfalcon exposed

The CIA’s OutlawCountry exploit, which was exposed in a Vault7 release by WikiLeaks on June 30, focuses on Red Hat Embedded Linux (RHEL) and the RHEL-based CentOS in their 6.x versions, which primarily run on servers. On July 6, WikiLeaks added a report detailing the CIA’s Gyrfalcon implant, which targets OpenSSH clients on a wider variety of Linux platforms.

As described in a ZDNet story on OutlawCountry, the mechanism takes advantage of the Red Hat distributions’ aged 64-bit 2.6.32 version of the Linux kernel. Before OutlawCountry can do its work, however, the server must have already been compromised with the infiltration of a malicious module, as well as the acquisition of root privileges. OutlawCountry then redirects outbound traffic to a CIA-controlled server by creating a hidden iptables or netfilter table in the Linux kernel’s networking stack. Red Hat is working on a resolution for OutlawCountry, which was internally documented by the CIA two years ago, and has released a command so users can check for infections.

Earlier this year, WikiLeaks released info on the CIA’s Weeping Angel exploit, which attacks Samsung’s Tizen-based Smart TVs, as well as a CIA Dark Matter project that affects the Mac. A few others are general networking exploits that could affect Linux devices, but most of the 15 CIA exploits detailed in WikiLeaks’ 8,000-plus Vault7 documents target Windows.

According to AV-Test, Windows represented 70 percent of the online threats detected by AV-Test anti-malware security systems in 2016. There was a 15 percent drop in Windows attacks in 2016 as malicious hackers turned their attention to Linux and the Mac. Yet, any relief in the Windows world may be short lived — Windows made up 77 percent of attacks in Q1 2017.

The WannaCry ransomware attacks were the biggest scourge on Windows in 2016, but these have slowed greatly. While ransomware is often the most devastating malware, it represents a very small number of attacks, says AV-Test.

In the Linux world, the Mirai botnet appears to have faded somewhat, but other malware is targeting the same IoT devices. These include the Bashlite malware and the older, but ever resilient, Tsunami backdoor. The overall percentage of Linux or MacOS attacks were not listed, but presumably both make up the bulk of the 24.4 percent of 2016 attacks not represented by Windows or Android.

Android attacks

The Linux numbers do not include Android, which represented 5.65 percent of all malware in 2016. That may not seem like much, but it was double the number of attacks in 2015, says AV-Test.

The most infamous Android malware of the last two years — StageFright — has actually infected very few devices, or so Google claims. However, security firm Check Point reports that a type of Android malware called CopyCat last year infected 14 million devices, despite never making it to Google Play. CopyCat ended up rooting more than half of them, or about eight million devices. Most victims were in Southeast Asia, but 280,000 were in the United States. The CopyCat creators earned about $1.5 million, primarily through ad fraud.

Security threats in general dropped by 14 percent in 2016 compared to the 2015 high water mark. However, that’s still the second highest total since AV-Test started its surveys, and Q1 has shown an uptick. The company estimates that some 640 million malware programs were active in 2016.

The WatchGuard Technologies Internet Security Report, which was based on feedback from 26,500 WatchGuard UTM appliances worldwide, suggests that Linux malware is growing even faster than the AV-Test measurements indicate. Linux was said to be the target of 36 percent of malware detected in the first quarter, with IoT devices and servers receiving the lion’s share of attacks.

Other trends include an increase in attacks on web servers, totaling 82 percent of all network attacks. The report also detected seasonal trends: Most malware hits in Q4, followed by a Q1 slowdown.

It’s probably a good idea for all of us to learn more about security. One angle is covered in this recently updated cryptography overview for newbies from TheBestVPB.com.

To learn more about Linux security, check out the SysAdmin’s Essential Guide to Workstation Security from The Linux Foundation.


Linux Usage Is on the Rise

According to NetMarketShare, Linux saw a significant bump in usage during April.

The COVID-19 pandemic has had some severe effects on the economy and consumer spending habits. Businesses have shuddered, unsure if they’d survive the months-long closure. And although it’s hard to find a silver lining in all the market data, one positive outcome is that the Linux operating system has witnessed a large surge in usage.

Before you get too excited, it’s not as though Linux all of a sudden surged past either Windows or macOS. In fact, Linux desktop usage is still in the single digits. However, in comparison, Linux actually bested both Windows and macOS for growth in April.

The numbers paint an interesting picture, one that points directly to Ubuntu. During the month of April, Ubuntu gained 1.61% (from 0.27% to 1.88%) of the market-share, while Linux as a whole gained 1.51% (from 1.36% to 2.87%). This happens to coincide with the release of Ubuntu 20.04, which has been met with rave reviews across the board.

And while Linux rose nearly 2%, Microsoft Windows dropped 2%, from 89% to 87%. At the same time, macOS rose 1%.

Although this does not mean Linux has taken over the market and will soon see its dream of World Domination finally come to fruition, any increase in market share for the open source desktop is a win.

In the news: Linux Usage Is on the Rise; Lenovo Is Jumping on the Linux Laptop Bandwagon; A New Linux Laptop Is in the Making; Ubuntu 20.04 Released; and Git 2.26 Released.

ComScore reports a major gain for the mobile operating system.

Market watcher Net Applications has found in their recent statistics that Microsoft’s representation in operating systems has fallen to below 90% of the market. Meanwhile, Mozilla’s Firefox is rising to a more than 20% share in the browser market.

Two statistics for April show that Linux clients have grown to a market share of one to two percent. Both see Linux as gradually gaining ground, while Microsoft still maintains its quasi monopoly.

A few years ago, the great epic battle of the IT industry was all about operating systems. MS-DOS versus OS/2, Windows versus Mac. Novell NetWare rode the wave of the network operating system for a while, until Microsoft punched back with Windows NT. The first couple of years I was in my editor’s chair, it seemed like every month we were writing about some hyperbolic new FUD from Microsoft as it sought to bring down Linux.


Linux Is on the Rise For Business

Large companies are planning to increase their reliance on Linux over the next five years, both in terms of the number of Linux servers run in their organizations and in terms of the mission-critical nature of the work they’re used for.

Big companies are planning to lean on Linux more in the future, according to a report released Tuesday by the Linux Foundation in partnership with Yeoman Technology Group. With data from an invited pool of more than 1900 respondents, the survey found that 76 percent of the world’s largest organizations plan to add more Linux servers over the next 12 months. By contrast, only 41 percent plan to add Windows servers, while 44 percent say they will be decreasing or maintaining the same number of Windows machines over the next year.

Looking out over five years, the difference is even more marked: A full 79 percent plan to add Linux servers over that time, while only 21 percent will add new Windows servers.

“If I were going to sum it up in one sentence, it would be that these are good times to be a Linux vendor,” Amanda McPherson, vice president of marketing and developer programs at The Linux Foundation, told me on the phone yesterday.

‘Migrations at Microsoft’s Expense’

To understand Linux trends among the world’s largest companies and government organizations, Yeoman and The Linux Foundation focused in particular on responses from a subset of close to 400 respondents representing organizations with annual revenues of $500 million or more or greater than 500 employees. Participants included members of The Linux Foundation End User Council and other select organizations.

Sixty-six percent of the planned Linux deployments mentioned by respondents are for brand-new applications or services, while 37 percent are migrations from Windows, the survey found.

“We are seeing more migration at Microsoft’s expense than the industry analysis might lead you to believe,” McPherson noted.

While part of that is inevitably due to the fact that this survey involves some sample bias, since respondents were chosen by the Linux Foundation, another key factor is that the data isn’t tied to server sales the way so much industry data is, she added. Since Linux is free, sales-linked estimates tend to underestimate its adoption considerably.

More Mission-Critical Workloads

Perhaps even more telling than migration plans, though, is that a full 60 percent of respondents said they’re planning to use Linux for more mission-critical workloads than they have in the past. And whereas typically the most common driver for adopting the free and open source operating system is thought to be cost, the current survey found total cost of ownership was cited as the No. 2 reason; rather, in first place was technical superiority. Security, not surprisingly, followed as the third most common reason cited for adopting Linux.

Lack of vendor lock-in and openness of the code were other frequently cited drivers, each noted by 50 percent, as were the long-term viability of the platform, noted by 46 percent, and the choice of software and hardware, cited by 38 and 36 percent, respectively.

In cloud contexts, meanwhile, Linux led far and away, with 70 percent naming it as their primary platform, compared with 18 percent citing Windows and 11 percent citing Unix. A full 36 percent said they’re using Linux on the desktop as well. “The days of a uniform, universal desktop for companies may be coming to an end,” McPherson said.

Finally, some 87 percent of respondents said Linux is continuously improving, and 58 percent said it’s become more strategic to their organizations.

Bottom line from all this? There can no longer be any doubt–whatever detractors might claim, Linux is increasingly the best choice for business.

Follow Katherine Noyes on Twitter: @Noyesk.


Linux Security Threats on the Rise

Every year, heck, every month, Linux is adopted by more companies and organizations as an important if not primary component of their enterprise platform. And the more serious the hardware platform, the more likely it is to be running Linux. 60% of servers, 70% of Web servers and 95% of all supercomputers are Linux-based!

Even if they’re not “Linux shops”, companies realize certain benefits from bringing Linux in for specific purposes. Its reliability, flexibility, scalability and cost of ownership offer huge advantages over other OSes, but I don’t have to tell you that, do I? You probably earn your keep because of these statistics!

One of the many benefits cited by enterprises bringing in Linux is the security and the resultant “cost of ownership” benefits that come from, among many other things, not having to deal with security-related issues and attacks. While Gartner and other analyst companies have poo-poohed the actual cost benefits in the past, a lawsuit showed that Microsoft had actually influenced its computations and models in favor of calculating Windows’ total cost of ownership, and real-world anecdotal evidence shows the same. Sterling Ball, CEO of Ernie Ball Guitar Strings said, “What about the cost of dealing with a virus? We don’t have ’em. There’s no doubt that what I’m doing is cheaper to operate. The analyst guys can say whatever they want.”

All that said, at least two factors point to increased security risk for Linux going forward: its sheer size and its ever-growing popularity. Simply put, with 15.8 million lines of code in the most recent kernel, the likelihood of a mistake or mistakes simply increases. And mistakes = vulnerability. Witness the GnuTLS bug from earlier this year. And with more Web servers running Linux than anything else, cracking Linux gets you “where the money is”, to paraphrase Willie Sutton.

The Bad Guys love it because they can see and manipulate every line of code for their nefarious purposes. The flip side though is that the same things that make it vulnerable, make it safe too. The Good Guys also can look at and patch every line of code as vulnerabilities are exposed or need arises! Vigilance is the key.

Mark Cox, Senior Director of Engineering at Red Hat, talks about the most fundamental level of vigilance—things that seem like they should be “no-brainers” but that are so easy to neglect or forget about. “Vulnerabilities in software are found all the time, so the critical piece of advice is to make sure that your servers are kept up to date with security fixes all the time. That means keeping track of all those cool utilities you download, install, and forget about, like a PHP photo album software I found on my server recently that was a couple years old and full of security holes. There are still Windows servers being infected with Nimda and Code Red worms because they’ve not been patched yet.”

That’s vulnerability more from a single-user/small system point of view. Multiply all those downloads and activities many thousands of times across an enterprise, and you easily can begin to see where vulnerabilities could occur in even the best-intended secure environments. To secure systems on an enterprise scale, one needs more than vigilance. One actually needs real-time continuous visibility into and across the entire landscape/environment and the ability to establish and enforce security policy across the entire environment.

Linux Journal is partnering with Bit9 + Carbon Black for a Webinar to address these issues and more. “One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems” will give you the technical justification for increased vigilance and security measures as well as a roadmap to follow to ensure that your data, your customers’ data and all your systems are safe and secure. The Webinar is on Wednesday, August 27, 2014 at 1:00 pm EDT. You owe it to yourself to stay at least one step ahead of the Bad Guys. This Webinar will help! Go here to register now!
