What Linux Malware Attacks Mean for SMBs

Recently, hackers attempted to steal data from a North American casino by hacking a fish tank connected to the internet. Once this device was compromised by the hackers, they were able to get onto the network of the casino and find other vulnerabilities.

Not so funny after all

Now, stories like this may sound like a joke, but they should worry the leaders of small and medium-sized businesses. The operating system controlling this fish tank is likely to be the same software that controls the TVs, printers and even kettles that they have connected to the internet, or will want to – or even have to – connect in the future.

This software is called Linux – and you may never have heard of it. It is the operating system used to control many of the devices that make up the Internet of Things (IoT). Analysts are forecasting that in only ten years’ time there will be 1 billion internet-connected devices around the world, ranging from office kettles to printers.

That’s not all

You may think that you don’t need to worry because no one is going to find your internet-connected photocopier, printer or alarm system amid all the noise of the web. Unfortunately, you would be wrong.

There is now a new kind of search engine. One example is Shodan, which can help anyone find the devices your business has connected to the internet. (It’s not restricted to business devices either; it can find personal devices connected to the internet too.)

It’s no wonder, then, that a senior police officer is arguing that domestic appliances that are connected to the internet should have a cyber security rating alongside their energy efficiency rating.

Why Linux, why now?

Linux is an operating system like Microsoft Windows. Like any operating system, its job is to enable the software and hardware of your laptop – or fridge or printer – to work well together to complete the tasks that we want to be completed.

Linux is made up of different components, and one particularly important part is called the kernel. The kernel is the core of the whole system and manages the central processor, memory and peripheral devices. If this is not updated regularly, just like other software on a computer, then the device it is a part of becomes vulnerable to attack.

Linux is a desirable option for the manufacturers of smart printers, TVs, fridges and the like because it is open source, which means that the code is free to use and modify. Up to now, it has had an excellent reputation for being secure: it has suffered from a fraction of the malware that assails your Windows laptop every day.

However, the worry for small businesses is that this reputation might not last for much longer.

There have been some recent reports that malware attacks aimed at Linux have been increasing over the past year because its popularity and importance to the Internet of Things has caught the eye of hackers. One report from a leading research institute suggested that Linux attacks had tripled over the last year.

Another report indicates Linux malware made up more than 36 percent of the top threats identified in the first three months of 2017.

SMBs watch out!

Unlike Windows malware, most Linux malware earlier this year was coming from the internet rather than from clicking on a link in an email. This means that it is targeting the devices themselves rather than their users.

The hackers are sidestepping the human link in the chain and going directly to the device.

The trouble for small businesses is that many employees will be unfamiliar with Linux malware and will not realise that it can be used to spy on them, hold their data to ransom and use their devices to stage coordinated attacks on third-party websites the hackers choose to target. Hackers also try to infect Linux installed on routers without needing to infect an employee’s mobile or laptop.

Linux malware includes threats such as Mirai, which turns internet-connected devices including cameras and routers into remotely controlled “bots”. These bots can then be used in conjunction with a large number of other hacked devices to launch information-gathering exercises or even large-scale coordinated attacks on networks (DDoS).

Capturing login details

Alternatively, attacks by another nasty piece of software called Linux/DDoS-BI are growing in frequency. This software guesses the login details for your device by trial and error. Once installed, it covertly gathers information on how the device is used and reports it back to the malware’s owner.

Then there is Erebus. Erebus is a piece of ransomware that once targeted only computers running Windows. However, it was recently modified so that a variant will work against Linux systems.

Unpatched software is a risk

The South Korean web host Nayana recently agreed to pay $1 million to a ransomware operation running the Erebus variant, which encrypted data stored on 153 Linux servers and 3,400 customer websites. While no one knows for sure how the ransomware came to be installed, Nayana was running versions of Linux that hadn’t been updated since 2008.

Over the last year there have been a number of leaks of hacking tools from the vaults of the CIA and NSA. While most of these leaked tools were designed to attack Windows, some were uncovered that targeted Linux. The CIA’s OutlawCountry and Gyrfalcon are fearsome sounding hacking tools aimed specifically at Linux-controlled servers and are now presumably in the hands of criminal gangs.

What then can SMBs do about the threat from Linux malware?

“The security of many Internet of Things devices leaves a lot to be desired,” says Greg Mosher, Vice President of Product and Engineering, AVG Business by Avast. “The small businesses that purchase these products are often unaware just how bad it can be and may not have the resource or skill in-house to assess the IT security risks properly.”

“However, there are a number of things you can do to make your internet-connected devices more secure. The first is to change the password and username on any internet-connected device that you buy from the factory settings to ones that you have chosen. Make them strong! Twelve characters long and a mix of characters too. No birthdays or pets’ names.

“Secondly, keep your Linux software updated because this might be the only defence the manufacturer has given your device. This is because it is likely you won’t be told there is an update and, if you are, it is unlikely to update itself automatically.”

“Thirdly, think about how secure an internet-connected camera, printer or photocopier is when you buy them for your business.”

“Lastly, don’t think you don’t have to worry about your Wi-Fi office kettle: if they can hack a fish tank, they can hack a kettle and find a way into your network.”

In short:

  • Buy the best-secured devices you can afford.
  • Keep them updated.
  • Keep the login details strong and only share them on a need-to-know basis.
