New Delhi, September 12 (IANS) As organizations worldwide adopt open source operating systems, cybersecurity researchers have warned that a growing number of threat actors are now targeting Linux-based devices and developing more Linux-focused tools.
Over the past eight years, more than a dozen advanced persistent threat (APT) actors have been observed using Linux malware or Linux-based modules, according to cybersecurity firm Kaspersky.
Many organizations choose Linux for strategically important servers and systems, not least because this operating system is believed to be more secure and less vulnerable to cyber threats than the far more popular Windows operating system.
There is a significant trend in many countries towards using Linux as a desktop environment in large companies, as well as in government entities, which is pushing threat actors to develop malicious software for this platform.
The APT actors targeting Linux include notorious threat groups such as Barium, Sofacy, Lamberts and Equation, as well as recent campaigns such as LightSpy by TwoSail Junk and WellMess, Kaspersky said in a statement.
“Diversifying their arsenal with Linux tools allows threat actors to perform operations more efficiently and with greater range.”
The belief that Linux, as a less popular operating system, is unlikely to be targeted by malicious software is a myth, and one that invites further cybersecurity risk.
“The trend of improving APT toolkits has been identified by our experts many times before, and Linux-focused tools are no exception. In order to secure their systems, IT and security departments use Linux more often than before,” said Yury Namestnikov, head of Kaspersky’s Global Research and Analysis Team (GReAT) in Russia.
“Threat actors respond to this by creating sophisticated tools that are able to penetrate such systems,” he added.
While targeted attacks on Linux-based systems are still uncommon, malicious software designed specifically for them certainly exists, including webshells, backdoors, rootkits and even custom exploits.
Furthermore, the small number of attacks is misleading, as a successful compromise of a server running Linux often has significant consequences.
“These include attackers who not only access the infected device, but also endpoints running Windows or macOS, thus providing wider access for attackers who can go unnoticed,” Kaspersky said.
Lazarus, a Korean-speaking APT group, continues to diversify its toolkit and develop non-Windows software.
“We recommend that cybersecurity experts take this trend into account and take further action to protect their servers and workstations,” Namestnikov suggested.