Story image

Trend Micro shows that Linux systems not so bulletproof against trojans

15 Sep 2016

Trend Micro says it's not all smooth sailing for users operating the Linux platform, as its open-source based operating system grows increasingly vulnerable to cyber attacks.

While the system may be turning into a customizable and preferred playform for developers, web servers, networking and databases in enterprises, users should still remain vigilant.

In a blog, the company detailed some of the recent threats that have targeted Linux machines, and the list is fairly substantial.

LuaBot is the newest threat on the scene, having beind discovered this month. It also targets Linux and IoT devices, and also acts as a botnet for DDoS attacks. The company says it's packed as an ELF binary which infects ARM platforms, however researchers are still trying to understand how it works.

The Mirai trojan was discovered in August and is a variation of older trojans called Gafgyt, Bashdoor, Torlus and BASHLITE. Mirai targets Linux and IoT devices, particularly DVRs running Linux Firmware. It causes infected systems to turn into botnets which can conduct DDoS attacks.

The Rex Linux Ransomware, known as Ransom_REXDDOS.A, can inflict bitcoin mining, ransomware and turning systems into bots that can be used in DDoS attacks. The company says that the malware has been updated in the past three months, which suggests that it's not more dangerous than ever. The updated version infects web servers after botnets rind holes in Drupal, WordPress and Magento websites. The company says Rex commonly uses the Kademlia P2P network on port 5099 with TLS enabled.

Umbreon, named after a Pokemon, is also known as ELF_UMBREON. Although it has been around since 2015, its developer has been behind other attacks since 2013. Umbreon targets Linux systems, including those running Intel and ARM processors and can thus target embedded devices. It can intercept network traffic, terminal commands and gives access to the infected device, and is also very hard to detect by even adminstrators, forensic and scanning tools.

Trend Micro recommends that Linux administrators and system administrator should use multi-layered approaches to security, as with any other operating system. The company says that endpoint attack vectors like smartphones must also be secured effectively.

ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.
Forrester names Trend Micro Leader in email security
TrendMicro earned the highest score for technology leadership, deployment options and cloud integration.
LogRhythm releases cloud-based SIEM solution
LogRhythm Cloud provides the same feature set and user experience as its on-prem experience.