Attacks against Linux-based devices have increased over the past year, and several factors make them easier to mount: general complacency among administrators, the hyperconnectivity of the public cloud, and the spread of Internet of Things (IoT) devices. That is why Linux administrators and users need to understand the characteristics of the most common Linux attack vectors.
With roughly 40% of IoT devices now running Linux, the protection Linux once enjoyed from being a niche target is eroding rapidly. These devices include everyday items such as ATMs, PIN pads, and smart appliances, and as consumer demand and availability expectations for them grow, so does the pressure to keep them permanently connected.
Brute force attacks, typically aimed at exposed SSH, Telnet, or web management logins, are the most prevalent mode of engagement against these hyperconnected devices. The techniques used against Linux-based devices span the same range as those used against Windows: simple password guessing, dictionary attacks, and credential stuffing with leaked username/password lists against live logins, plus rainbow-table lookups once an attacker has captured password hashes.
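The practical counterpart to that description is spotting the pattern in the authentication log. The following is an added example, not code from the original article: it parses sshd "Failed password" lines, flags any source that produces a burst of failures inside a short window, and tells the two shapes apart that the paragraph describes, many password guesses against a few accounts (dictionary or simple brute force) versus one or two attempts against many accounts (credential stuffing or username spraying). The log lines, host name, and IP addresses are constructed for the example; the threshold and window are assumptions to tune for your environment.

```python
"""Flag SSH brute-force sources from sshd auth log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ..." as written by OpenSSH.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample log; addresses are from documentation ranges.
SAMPLE_LOG = """\
Jan 12 10:01:03 web1 sshd[2210]: Failed password for root from 203.0.113.5 port 51022 ssh2
Jan 12 10:01:05 web1 sshd[2210]: Failed password for root from 203.0.113.5 port 51022 ssh2
Jan 12 10:01:08 web1 sshd[2214]: Failed password for invalid user admin from 203.0.113.5 port 51030 ssh2
Jan 12 10:01:10 web1 sshd[2214]: Failed password for invalid user admin from 203.0.113.5 port 51030 ssh2
Jan 12 10:01:13 web1 sshd[2218]: Failed password for root from 203.0.113.5 port 51041 ssh2
Jan 12 10:01:15 web1 sshd[2218]: Failed password for root from 203.0.113.5 port 51041 ssh2
Jan 12 10:02:00 web1 sshd[2230]: Accepted publickey for deploy from 198.51.100.7 port 40212 ssh2: ED25519 SHA256:constructed
Jan 12 10:03:01 web1 sshd[2241]: Failed password for invalid user alice from 198.51.100.23 port 60001 ssh2
Jan 12 10:03:04 web1 sshd[2242]: Failed password for invalid user bob from 198.51.100.23 port 60002 ssh2
Jan 12 10:03:07 web1 sshd[2243]: Failed password for carol from 198.51.100.23 port 60003 ssh2
Jan 12 10:03:09 web1 sshd[2244]: Failed password for invalid user dave from 198.51.100.23 port 60004 ssh2
Jan 12 10:03:12 web1 sshd[2245]: Failed password for invalid user erin from 198.51.100.23 port 60005 ssh2
Jan 12 10:05:30 web1 sshd[2260]: Failed password for ops from 192.0.2.9 port 45000 ssh2
Jan 12 10:15:44 web1 sshd[2290]: Failed password for ops from 192.0.2.9 port 45010 ssh2
""".splitlines()


def parse_failures(lines):
    """Yield (timestamp, user, source_ip) for every failed password attempt."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            # syslog timestamps carry no year; only deltas matter here
            yield datetime.strptime(m["ts"], "%b %d %H:%M:%S"), m["user"], m["ip"]


def find_brute_force(lines, threshold=5, window_seconds=60):
    """Return {ip: report} for sources with >= threshold failures in any window.

    report["style"] is "few-accounts" when attempts concentrate on one or two
    accounts (password guessing) and "many-accounts" when most attempts hit a
    different user (credential stuffing / spraying). Threshold and window are
    assumed values, not from the article.
    """
    attempts = defaultdict(list)
    for ts, user, ip in parse_failures(lines):
        attempts[ip].append((ts, user))

    flagged = {}
    for ip, events in attempts.items():
        events.sort()
        times = [t for t, _ in events]
        burst = False
        for i, start in enumerate(times):  # sliding window over sorted times
            j = i
            while j < len(times) and (times[j] - start).total_seconds() <= window_seconds:
                j += 1
            if j - i >= threshold:
                burst = True
                break
        if not burst:
            continue
        users = {u for _, u in events}
        style = "few-accounts" if len(users) * 2 <= len(events) else "many-accounts"
        flagged[ip] = {"failures": len(events), "users": sorted(users), "style": style}
    return flagged


if __name__ == "__main__":
    for ip, report in find_brute_force(SAMPLE_LOG).items():
        print(ip, report)
```

Two failures spread over ten minutes (192.0.2.9 in the sample) stay below the threshold, which is the point of windowing: a legitimate user mistyping a password should not look like an attack, while a sustained slow-and-low campaign needs a longer window or a per-day count to catch.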
There are three key ransomware families in the Linux world that all Linux administrators and users should become familiar with. These are:
An open-source tool called Ezuri is gaining popularity as a way to deliver Linux payloads, ransomware included. Written in Go, Ezuri is a crypter and loader: it AES-encrypts an ELF payload, and at run time decrypts it and executes it directly from memory, so the decrypted binary never touches disk. That leaves little for disk-based post-incident analysis and defeats signature scanning of the dropped file, although the packed loader itself still lands on disk and the running process remains visible in memory. One group, TeamTNT, is well known for using this tool against improperly configured Docker systems.
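Because the decrypted payload exists only in memory, the useful place to look is the process table rather than the filesystem. The following is an added example, not from the article or from the Ezuri project: on Linux, a process started from an anonymous memory file has a /proc/<pid>/exe symlink whose target begins with "/memfd:" and ends in "(deleted)", and a binary unlinked after launch shows the same "(deleted)" suffix on an ordinary path. The scanner below walks /proc for either sign. The build_sample_proc() helper constructs a fake /proc tree so the logic can be exercised offline; the PIDs, paths, and command lines in it are made up.

```python
"""Hunt for processes running from memory or from a deleted binary (added example)."""
import os
import tempfile


def classify_exe(target):
    """Classify the target of a /proc/<pid>/exe symlink.

    Returns "memfd" for anonymous in-memory executables (memfd_create),
    "deleted" for an on-disk binary removed after exec, or None for a normal file.
    """
    if target.startswith("/memfd:"):
        return "memfd"
    if target.endswith(" (deleted)"):
        return "deleted"
    return None


def read_cmdline(proc_dir):
    """Return the NUL-separated cmdline as one string, or "" if unreadable."""
    try:
        with open(os.path.join(proc_dir, "cmdline"), "rb") as f:
            return f.read().replace(b"\0", b" ").strip().decode(errors="replace")
    except OSError:
        return ""


def scan_proc(proc_root="/proc"):
    """Return sorted [(pid, kind, exe_target, cmdline)] for suspicious processes."""
    hits = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():  # skip /proc/self, /proc/sys, ...
            continue
        proc_dir = os.path.join(proc_root, entry)
        try:
            target = os.readlink(os.path.join(proc_dir, "exe"))
        except OSError:
            continue  # kernel thread, process already gone, or no permission
        kind = classify_exe(target)
        if kind:
            hits.append((int(entry), kind, target, read_cmdline(proc_dir)))
    return sorted(hits)


def build_sample_proc():
    """Construct a fake /proc tree in a temp dir (sample input, not a real host).

    readlink() returns the link text even when the target does not exist, so the
    "/memfd:..." and "(deleted)" targets behave exactly as they do on a live system.
    """
    root = tempfile.mkdtemp(prefix="fakeproc-")
    entries = {
        "100": ("/usr/bin/bash", b"bash\0"),                          # normal
        "200": ("/tmp/.hidden/loader (deleted)", b"./loader\0"),      # unlinked after exec
        "4242": ("/memfd:payload (deleted)", b"./payload\0--quiet\0"),  # Ezuri-style in-memory
    }
    for pid, (exe_target, cmdline) in entries.items():
        d = os.path.join(root, pid)
        os.makedirs(d)
        os.symlink(exe_target, os.path.join(d, "exe"))
        with open(os.path.join(d, "cmdline"), "wb") as f:
            f.write(cmdline)
    os.makedirs(os.path.join(root, "self"))  # non-numeric entry, must be ignored
    return root


if __name__ == "__main__":
    for pid, kind, target, cmd in scan_proc():  # real /proc; run as root for full coverage
        print(f"pid={pid} kind={kind} exe={target!r} cmdline={cmd!r}")
```

Run it as root, since /proc/<pid>/exe of other users' processes is not readable otherwise. A "memfd" hit is not automatically malicious (some runtimes and sandboxes use memfd legitimately), so treat it as a lead to pull the process memory with a tool such as gcore before the process exits, not as a verdict.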
Although many in Linux circles will testify to Linux's reputation for being more secure than Windows, it is clearly becoming a bigger target. Attacker tooling continues to evolve to exploit common configuration flaws and vulnerabilities across Linux distributions.
This can be combated by adhering to configuration and security best practices in the management of every Linux device: keep systems patched, require key-based rather than password authentication for remote logins, and never expose unauthenticated management interfaces such as the Docker API to the Internet. First and foremost, don't be lulled into a false sense of security by thinking that Linux is immune to ransomware. The reality is that almost nothing is.