Stay Ahead With Linux Security Features

Improving the Linux Security Dashboard Through User Input and Feedback

. We appreciate your input and continued support, and look forward to offering you an enhanced user experience in the coming months. As a token of our gratitude, here's a free infographic on the anatomy of a Linux fileless malware attack. Please download, save and share! Get My Free Infographic Security Dashboard Redesign Survey Objective & Results We’re in the process of redesigning the Security Dashboard section of our site for an enhanced user experience, and recently conducted a survey to get input from our users on some changes we are considering making and what features and capabilities of our site they value most. Below are the key findings from the survey. How do you compare? 1. What do you think about the idea of a “Security Dashboard” where you can get the latest Linux security info in one concise place? It's a great idea LinuxSecurity.com is already a dashboard I don’t think it would benefit me Please tell me more!

2. We’d like to get an idea how you consider security updates for your systems. What is your approach when updating your Linux system? My system updates automatically I review updates based on the application I review updates based on my distro 3. When viewing security advisories, I'd like the ability to: See the severity or impact of the vulnerability for all distros together See only distros I manage in a single view See all updates for distros I manage based on a particular vulnerability It’s Not Too Late to Get Involved in Designing the Next Generation of LinuxSecurity! Even though this survey is now closed, we always welcome feedback and ideas from the community! Please reach out to us via email or on social media with your thoughts and suggestions. We look forward to hearing from you! This email address is being protected from spambots. You need JavaScript enabled to view it. Twitter | Facebook | LinkedIn . We appreciate your input and continued support, and look forward to offering you an enhanced user ex. appreciate, input, continued, support, forward, offering, enhanced. . Brittany Day

Fileless Malware Attack on Linux: Techniques and Mitigation Strategies

Recent years have demonstrated that Windows users are not the only ones who should be concerned about malware. Linux is becoming an increasingly popular target among malware operators due to the growing popularity of the open-source OS and the high-value devices it powers worldwide. Security researchers from AT&T Alien Labs are now warning that “cyber gangs have started infecting Linux machines via a fileless malware installation technique that until recently was more commonly used against Windows-based systems”. . So what exactly is fileless malware and how does a fileless malware attack on Linux work? This article will provide you with answers to these questions by honing in on the anatomy of a Linux fileless malware attack - equipping you with the knowledge necessary to secure your systems and your data against this stealthy and malicious threat. Let’s begin by exploring the concept of fileless malware. Fileless Malware 101 Unlike traditional malware which leverages executive files to infect systems, fileless malware does not rely on files to accomplish this - as its name suggests. Rather, this stealthy new type of malware infiltrates a server’s random-access memory (RAM) and exploits existing, trusted software and applications known as LOLBins to install and run malicious code on target systems. This strategy of essentially turning systems against themselves is referred to as “living off the land”. Malicious code downloaded on the target system is often used to encrypt and exfiltrate sensitive data, and transfer it directly into the hands of the attacker. Fileless malware attacks leave no trace on the systems they infect, as all malicious activity is performed directly in RAM and no files are written to the hard drive. This type of attack is considered an Advanced Volatile Threat (AVT) - after the affected system reboots all malicious code present on it disappears, but damage has already been done to the impacted server. Because fileless malware does not leverage executablefiles to infect systems and therefore has no signature, it is able to evade the detection of signature-based antivirus software and many traditional security solutions. How Does a Fileless Malware Attack on Linux Work? Fileless malware attacks targeting Linux systems are carried out in a series of clearly-defined steps, beginning with infection via the exploitation of a vulnerability and ending with the compromise of a server and the data it houses. Let’s take a closer look at how fileless malware attacks on Linux systems work, broken down step-by-step, to help you better understand this growing threat to your systems and your data. Step 1: Infection via Exploitation of a Vulnerability Whereas fileless malware infects Windows systems via a malicious link delivered in a phishing email, fileless malware infects Linux systems by exploiting a vulnerability such as a flaw in a network protocol or in a browser’s Flash plugin. For instance, TeamTNT’s infamous Ezuri Golang malware exploits misconfigured Docker instances and exposed APIs to turn vulnerable systems into DDoS bots and cryptominers. Step 2: Modification of a Linux Process Once it has gained access to the target system through the exploitation of an unpatched security bug, the malware modifies and crashes a running Linux process using the ptrace() system call. This system call is commonly used by debuggers to inspect and manage the internal state of the target process, and is useful in software development. Step 3: Insertion of Malicious Code into Memory Once the malware has crashed a running process using ptrace() , it is able to cause the process to insert malicious code into memory without writing to the disk. This is frequently accomplished by exploiting a buffer overflow, or a situation in which a program, while writing data to a buffer, or an area of memory, overruns a buffer’s boundary and overwrites adjacent memory locations. Step 4: Execution of Malicious Code = System Compromise Most installed Linuxdistributions have pre-installed software, which usually has programming language interpreters such as Python, Perl, С Compiler and PHP. Fileless malware exploits these interpreters to execute the malicious code it has inserted into the memory of the target system. By placing malicious code in /dev/shm or/run/shm directory, it is possible to run the file directly in the RAM. Attacks such as those leveraging the Ezuri encryption tool, which use system calls such as memfd_create() to create an anonymous file in the RAM that can be run, have gained popularity recently. Once the malicious code is executed, the attacker has successfully compromised the target system. He or she is now capable of performing an array of malicious actions such as damaging the impacted server, stealing sensitive data and encrypting critical files on the system . Download Infographic How Can I Protect Against Fileless Malware? Securing a Linux system against fileless malware and other sophisticated modern threats requires a proactive, layered security strategy . The majority of attacks on Linux systems can be attributed to misconfigurations and poor administration, making it essential that administratorsremain vigilant about testing and verifying the security of their servers . In addition, we recommend that administrators implement these security best practices to protect against filelessmalware and other dangerous exploits: Make sure that all software and patches are up-to-date. Uninstall applications that are not being used and disable unnecessary services and program features for all necessary applications. Restrict admin privileges - only grant the privileges that are necessary for a user to do his or her job. Monitor network traffic and check activity logs frequently. In the event that an infection does occur, change passwords immediately once you become aware of the infection and again after disinfection. Implement adaptive security solutions capable of detecting malicious code –not just on the file system, but also in the RAM. The Bottom Line Fileless malware is a growing concern for Linux administrators. Linux is considered a very secure OS by design - and rightfully so. With its robust privilege system and the “many eyes” of the open-source community scrutinizing the increasingly popular OS’s code for security vulnerabilities, Linux users are generally much safer than their Windows-using counterparts . That being said, sound administration and the implementation of security best practices can help prevent fileless malware attacks and other dangerous modern exploits that threaten Linux systems. . Delve into the mechanisms behind fileless malware on Linux platforms and learn effective strategies to safeguard your systems against this elusive danger.. Fileless Malware, Malware Attack Strategies, Linux Threat Prevention, Advanced Malware Techniques. . Brittany Day