[Lex Computer & Tech Group/LCTG] Perhaps an article of interest - Linux Malware

Robert Primak bobprimak at yahoo.com
Mon Aug 17 12:15:01 PDT 2020


See the previous message from Charly Sestokas about Linux malware.
Charly and Group:
Linux has one major difference over Windows which has kept its security much better and will keep it so for a long time to come. And it is NOT that Linux is open-source. It is that under Linux, you do NOT run programs with Administrator (Root in Linux) privileges!
Nearly ALL of Windows requires at some point to run programs or install software or updates using a System Account. This account has privileges NEVER allowed for software installs or updating in Linux! Add to this the notorious Windows Registry, also not found in any Linux distro, and Windows has a HUGE attack surface which is not anywhere near as exposed in Linux.
As to the ZD Net article, it is timely and correct -- for Internet-exposed Enterprise or business SERVERS. IoT here refers to BUSINESS and INDUSTRIAL IoT, not Consumer level IoT devices (which have a HORRIBLE record of securing themselves!). Routers refers to ALL routers, as most use Linux code, due to the fact that a Linux footprint can be many times smaller than the enormously code-bloated Windows and Mac operating systems. Stripped down to its kernel, Linux needs one one-hundredth the hardware resources of full-scale operating systems, yet can out-perform full OSes in many task-specific or task-limited hardware applications. Robotics, Industrial IoT (IIoT) and modems all run on Linux, often older kernels. Android runs essentially a Linux kernel -- one which is over a DECADE behind the times!

When updated regularly, when using a current or recent kernel, and when hardened by a decent firewall, Linux can be more secure than the most secure Windows and Mac devices. That's why no one thinks that they need to be vigilant in updating their Linux systems. And that's when the bad guys, sometimes State Actors, can gain the upper hand. Linux ransomware is well-known and does exist. But if you want to think of a real nightmare, look at the mysterious explosions in Iran's military and nuclear-related facilities during the past two months. That is definitely sabotage, and it has been increasingly targeting Linux based systems.

Almost everyone in India uses Linux because few can afford the Windows Tax or the Apple Premium. So this is where folks learn how to undermine Linux security. China creates and then exploits its own versions of popular Linux and Android variants. Russia is also very far ahead of the US in Linux development and exploitation. The UK is where Ubuntu (Canonical) is developed. Only the USA fails to recognize and adapt to the ever-increasing role of Linux in private and government and academic sector server security. 

Anyway, the article is timely and fascinating, and I hope to find out more.
Linus Torvalds and the current team of Linux developers are hard at work on the next upgrades of the Linux kernel. I regularly upgrade my Linux kernels in Fedora (IBM-Red Hat) and Ubuntu (Canonical). I even scan Windows 10 with ClamAV, using their Linux subsystem under Windows PowerShell 7.2, also continually upgraded. Fascinating results, usually well beyond what Windows AV programs can or will show you.

-- Bob Primak
    On Monday, August 17, 2020, 10:56:57 AM EDT, Charles Sestokas <charly_s_20 at yahoo.com> wrote:  
 
The following article might be of interest to Linux users.

I haven't read the full article, whether it might be for Linux Servers, or Desktops, or some writer's interest to get paid for writing an article.

Anyway, just a partial of the article.

CharlyS

++++++++++++++++++

https://www.zdnet.com/article/this-surprise-linux-malware-warning-shows-that-hackers-are-changing-their-targets/?ftag=TRE-03-10aaa6b&bhid=26329585965483248239328060841947&mid=12988885&cid=814188259


This surprise Linux malware warning shows that hackers are changing their targets
  by Steve Ranger | August 16, 2020

  The old assumptions about security are wrong and will need updating, fast.


The revelation from the FBI and National Security Agency that Russian military intelligence has built malware to target Linux systems is the latest dramatic twist in the unrelenting cybersecurity battle.

The two agencies have revealed that Russian hackers have been using the previously undisclosed malware for Linux systems, called Drovorub, as part of their cyber-espionage operations. The malware allows hackers to steal files and take over devices. 

Drovorub is far from the first piece of malware to target Linux; it's not even the first piece of Russian malware to target Linux devices. Last year, Microsoft warned about malware that was attacking Internet of Things (IoT) devices, and in 2018 the VPN Filter malware, also likely the work of Russian state-backed hackers, targeted routers. And it's not just state-backed hackers that Linux users have to worry about either; there's evidence of password-stealing malware and even some suggestions that ransomware gangs are trying to target Linux, too. 

  < MORE >
  