Welcome to the *BIG* League, Linux! As I have been ‘Reporting Recently’, Linux is no longer safe and secure from malware attacks and/or other security issues…in fact, Linux is becoming a target-first option for such criminal hackers, and Linux developers are totally unprepared. Hey, as I have said for a long time, servers are nothing more than glorified ‘Babysitters’ usually doing little more than “babysitting hordes of Microsoft Windows OSes.”
I had never paid much attention to desktop/laptop security issues involving Linux, until around July of last year, about the time that Intezer discovered EvilGnome (it is my understanding that they discovered it first, but I may be wrong) – EvilGnome: Rare Malware Spying on Linux Desktop Users:
Linux desktop remains an unpopular choice among mainstream desktop users, making up a little more than 2% of the desktop operating system market share. This is in contrast to the web server market share, which consists of 70% of Linux-based operating systems. Consequently, the Linux malware ecosystem is plagued by financially driven crypto-miners and DDoS botnet tools which mostly target vulnerable servers.
This explains our surprise when in the beginning of July, we discovered a new, fully undetected Linux backdoor implant, containing rarely seen functionalities with regard to Linux malware, targeting desktop users.
For whatever reason/s I didn’t report on any of the articles that were talking about it, e.g. New EvilGnome Backdoor Spies on Linux Users, Steals Their Files *NOR* EvilGnome – Linux malware aimed at your desktop, not your servers. Seems I read a couple of forums that said there was nothing to it, and maybe read other Linux magazine articles that also said it was nothing … point is, that info slipped past me.
Now I’m seeing daily articles on these Linux malware issues, and it seems to have all started with news that Microsoft Defender ATP for Linux was now available for public preview. I wrote a recent post on it: Microsoft helping Linux with Security – ‘Microsoft Defender ATP for Linux’ and then created the Linux Security Issues page. However, I’m not seeing a lot on these malware issues from a few Linux forums that I check regularly, nor am I reading about it from the regular Linux magazines I check daily. This malware news that I am getting is coming from sites like BleepingComputer & The Register … sites that I don’t check often. The Register article seems to also notice Microsoft’s involvement – Microsoft uses its expertise in malware to help with fileless attack detection on Linux:
Microsoft isn’t the only outfit squaring up to fileless threats. Kaspersky has been quick to trumpet its effectiveness and Trend Micro points to some alarming statistics concerning the surge in threats as criminals seek different means to compromise systems.
However, as its continued love-in with Linux continues (heck, a large chunk of Azure is running the OS), Microsoft has decided that maybe, just maybe, the lessons learned monitoring its proprietary OS could be extended elsewhere.
The silence from the Linux Community is ‘Deafening’.
Another good read on the subject, from Microsoft – Azure Fileless attack detection for Linux in preview:
I’ll also add this post to the Linux Security Issues page…