Linux Systems in the Hackers' Cross Hairs

Security experts have warned IT teams to improve protection for Linux servers and IoT devices after observing an increase in threats targeting these systems.

WatchGuard Technologies’ latest quarterly Internet Security Report is based on analysis of over 26,500 active UTM appliances round the world.

It revealed that overall malware detection dropped by 52% from Q4 2016 to the first three months of this year as seasonal campaigns ceased.

However, despite that fall in detected malware volumes, Linux malware comprised more than a third (36%) of the top threats observed by WatchGuard during the period.

Among the top 10 threats detected by the firm were “Linux/Exploit”, “Linux/Downloader” and “Linux/Flooder”, the latter related to generic DDoS tools.

Linux Exploit is a generic detection rule used by WatchGuard to catch Linux trojans which usually infect devices before scanning related networks for others hosting Telnet or SSH services, attempting to log in using default credentials or via brute force. This was the MO of the infamous Mirai malware.

Jonathon Whitley, director at WatchGuard Technologies, argued that IoT devices are not designed with security in mind and frequently run on unsupported legacy operating systems

“Consequently it is essential that they are protected by robust IPS and AV to ensure any vulnerabilities are addressed before the IoT device is accessed,” he told Infosecurity.

“We recommend that these devices be protected with strong firewall policies ensuring that access privileges are only granted where essential. Access can be further controlled by enabling application control, which will allow users to, for example, stop any access via a TOR Network, a common tool used by hackers. Visibility of traffic is critical to allow users to view who and how these devices have been accessed, allowing you to shape and tighten your policies.”

Web servers were also at risk in Q1, with 82% of the top network attacks spotted by WatchGuard targeting these or other web-based services.

Innovations in malicious code mean that legacy AV tools are increasingly unable to do the job they were built for, the security firm claimed.

They missed 38% of the total number of threats stopped by WatchGuard in Q1, compared to 30% in the previous quarter, as zero-day threats continued to outsmart signature-based techniques.

Elsewhere, online attackers are still exploiting the Android Stagefright vulnerability to good effect, proving that mobile users are slow to upgrade their operating system versions.

What’s Hot on Infosecurity Magazine?