Linux users have been known to snicker at their Windows-using counterparts, because their Linux systems are “impenetrable.” The fact is, Linux isn’t impenetrable, as the Shellshock scare proved. Windows accounts for a considerably larger portion of users, so hackers get more bang for their buck by developing malware to target that lion’s share of systems. But your IT service desk needs to be aware of Linux’s vulnerabilities so that the handful of Linux malware that is developed doesn’t wind up targeting you and your network.
A Brief History of Linux Malware
The vulnerabilities exploited by Shellshock aren’t new. In fact, they’ve been around for over two decades. Additionally, Linux users should be cognizant that even if a piece of malware passes through their system without inflicting harm, they can unknowingly pass the malware on to their susceptible Windows-using colleagues and friends. Securing your Linux systems doesn’t just protect your Linux users, it helps stop the spread of malware to other users, clients, vendors, and others.
- Staog hit Linux in 1996
- Bliss hit in 1997
- Ramen and Cheese hit in 2001
- Slapper hit in 2002
- Badbunny hit in 2007
- Snakso hit in 2012
- Hand of Thief hit in 2013
- Windigo hit in 2014
- Shellshock/Mayhem hit in 2014
- Turla hit in 2014
What does a quick scan of this list show? Until 2014, Linux was targeted by malware less than once per year. Furthermore, the attacks are doing more damage. Mayhem and Turla, for example, have the potential to devastate a business. By comparison, earlier Linux malware like Badbunny and Cheese were more like practical jokes. Three significant attacks occurred in 2014 alone. Attacks against Linux are escalating — both in frequency and severity. It’s time to get serious about Linux security.
Steps for a More Secure Linux System and Network
What can you do to protect your Linux systems?
- Be sure you’re getting security patches. Often, it is the applications, not the operating system, that are targeted by malware, so it’s important to identify any applications that have been abandoned by the developer or distributor.
- Install antivirus software. Yes, antivirus software on a Linux system. The time has come.
- Use a firewall and set the default to Deny All. Access to systems should be approved on a case-by-case basis, not denied on a case-by-case basis.
- Get a good IT asset management tool in place to monitor hardware and software assets. This helps you identify vulnerabilities, like missing security patches or access to the system by unauthorized parties.
- Change the default settings to more secure levels.
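One way to check the Deny All recommendation above on a host that uses iptables, written as an added example rather than code from the original article. It reads `iptables -S` output, fails any inbound chain whose default policy is not DROP, and lists the case-by-case exceptions; the function names and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: check `iptables -S` output for a default-deny inbound posture.
# On a live host (as root): iptables -S | audit_ruleset

audit_ruleset() {
    awk '
        # "-P CHAIN POLICY" lines set the default policy of a built-in chain.
        $1 == "-P" { policy[$2] = $3; next }
        $1 != "-A" || ($2 != "INPUT" && $2 != "FORWARD") { next }
        # "-A CHAIN -j ACCEPT" with no match criteria accepts everything and
        # cancels a DROP policy on that chain.
        NF == 4 && $3 == "-j" && $4 == "ACCEPT" {
            print "FAIL " $2 " has an unconditional ACCEPT rule"; bad = 1; next
        }
        # Every other ACCEPT rule is an approved exception worth reviewing.
        $NF == "ACCEPT" { print "ALLOW " $0 }
        END {
            n = split("INPUT FORWARD", chains, " ")
            for (i = 1; i <= n; i++) {
                c = chains[i]
                if (!(c in policy)) {
                    print "FAIL " c " default policy is missing"; bad = 1
                } else if (policy[c] != "DROP") {
                    print "FAIL " c " default policy is " policy[c]; bad = 1
                }
            }
            exit (bad + 0)
        }
    '
}

# Constructed sample: allow by default, deny case by case.
sample_weak() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j DROP
EOF
}

# Constructed sample: deny by default, allow case by case.
sample_hardened() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}
```

IPv6 rules live in a separate table, so the same check applies to `ip6tables -S` output.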
While Windows malware still outpaces Linux malware by a wide margin, Linux systems are more vulnerable than once thought and are clearly being noticed by malware developers. Some malware, such as Turla, is government-sponsored (likely by a Russian entity) and is designed specifically for corporate espionage and spying purposes. If your systems contain sensitive information like intellectual property, proprietary data, or consumer information, you could very well be a target for attack.