Linux Servers Under Attack for a Decade

New research has found that the Linux platform has been under attack from Chinese threat groups for a decade. 

The "Decade of the RATs Research Report," published today by BlackBerry, reveals how five Chinese APT groups targeted Linux servers, Windows systems, and mobile devices running Android in a prolonged cross-platform attack. 

Researchers said that they are confident that the APT groups "are likely comprised of civilian contractors working in the interest of the Chinese government who readily share tools, techniques, infrastructure, and targeting information with one another and their government counterparts." 

Currently, Linux runs on all of the world’s 500 fastest supercomputers, and 90% of all cloud infrastructure and 96.3% of the world's top 1 million servers run on Linux.

Historically, the Linux platform has been overlooked from a security perspective. 

"One of the main reasons there aren’t many security tools for Linux is because there are relatively few Linux machines in the world (roughly 2%), therefore it’s a tough way for companies to make money,” Eric Cornelius, chief product architect at BlackBerry, told Infosecurity Magazine.

"Security products and services are not as widely deployed for Linux platforms as they are for the more popular Windows and Mac platforms."

Cornelius added that a prevailing assumption that Linux is more secure because it is open source "is just not the case." 

Asked what currently overlooked platforms could become "the Linux of the future" from a cybersecurity perspective, Cornelius said: “The most obvious one is mobile. As the 'Mobile Malware' report that we released this past fall points out, security vendors have only recently started deploying products to address a problem that governments and government-backed groups have been getting away with for a decade or more, with relative impunity. 

“Attitudes about adware are the source of another area of concern, as more and more APT groups disguise their malware as adware, thinking that it can fly under the radar and receive low priority if caught. We’ve also seen an uptick in the abuse of legitimate cloud service providers whose infrastructure is being co-opted by attackers to carry out their operations.”

By exposing a threat that has emerged from the past, the new research is bad news for security professionals, already stretched by dealing with current and predicted threats. 

Asked how professionals should split their attention when it comes to countering attacks, Cornelius said: “It's a process, not an exact science. But too often, the security industry and network defenders fixate on the next and the newest and forget to look back to see how past threats have evolved. As the old adage goes, 'Those who cannot remember the past are condemned to repeat it.'”

What’s Hot on Infosecurity Magazine?