Linux Systems in the Hackers’ Cross Hairs

June 27, 2017 – 4:02 PM

Security experts have warned IT teams to improve protection for Linux servers and IoT devices after observing an increase in threats targeting these systems.

WatchGuard Technologies’ latest quarterly Internet Security Report is based on analysis of over 26,500 active UTM appliances round the world.

It revealed that overall malware detection dropped by 52% from Q4 2016 to the first three months of this year as seasonal campaigns ceased.

However, despite that fall in detected malware volumes, Linux malware comprised more than a third (36%) of the top threats observed by WatchGuard during the period.

Among the top 10 threats detected by the firm were “Linux/Exploit”, “Linux/Downloader” and “Linux/Flooder”, the latter related to generic DDoS tools.

Linux/Exploit is a generic detection rule WatchGuard uses to catch Linux trojans. These usually infect a device and then scan related networks for other hosts running Telnet or SSH services, attempting to log in with default credentials or by brute force. This was the MO of the infamous Mirai malware.
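The login-guessing behaviour described above leaves a recognisable trace in sshd authentication logs. The following is an added example, not part of the original article and not WatchGuard's detection rule: it flags source addresses that fail logins across several accounts and reports any successful login that follows. The log lines, thresholds and function name are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sshd auth-log lines (documentation IP ranges), not real data.
SAMPLE_LOG = """\
Jun 27 03:11:01 gw sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun 27 03:11:02 gw sshd[812]: Failed password for admin from 203.0.113.7 port 40114 ssh2
Jun 27 03:11:03 gw sshd[813]: Failed password for invalid user support from 203.0.113.7 port 40120 ssh2
Jun 27 03:11:04 gw sshd[814]: Failed password for invalid user ubnt from 203.0.113.7 port 40131 ssh2
Jun 27 03:11:05 gw sshd[815]: Accepted password for admin from 203.0.113.7 port 40140 ssh2
Jun 27 09:30:10 gw sshd[900]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Jun 27 09:30:25 gw sshd[901]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_credential_guessing(log_text, min_failures=3, min_users=3):
    """Return {ip: summary} for sources that fail logins across many accounts.

    Thresholds are assumptions; tune them to the environment.
    """
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "success_after": []})
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        s = stats[m["ip"]]
        if m["result"] == "Failed":
            s["failures"] += 1
            s["users"].add(m["user"])
        elif s["failures"] >= min_failures:
            # A success after a guessing run is the highest-priority finding.
            s["success_after"].append(m["user"])
    return {
        ip: {"failures": s["failures"], "users": sorted(s["users"]),
             "compromised": s["success_after"]}
        for ip, s in stats.items()
        if s["failures"] >= min_failures and len(s["users"]) >= min_users
    }

if __name__ == "__main__":
    for ip, summary in find_credential_guessing(SAMPLE_LOG).items():
        print(ip, summary)
```

A single user mistyping a password once, like the second source in the sample, stays below both thresholds and is not reported.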

Jonathon Whitley, director at WatchGuard Technologies, argued that IoT devices are not designed with security in mind and frequently run on unsupported legacy operating systems.

“Consequently it is essential that they are protected by robust IPS and AV to ensure any vulnerabilities are addressed before the IoT device is accessed,” he told Infosecurity.

“We recommend that these devices be protected with strong firewall policies ensuring that access privileges are only granted where essential. Access can be further controlled by enabling application control, which will allow users to, for example, stop any access via a TOR Network, a common tool used by hackers. Visibility of traffic is critical to allow users to view who and how these devices have been accessed, allowing you to shape and tighten your policies.”

