Linux users have been warned to up their security protection following new research which found the system could be facing a significant rise in cyber threats.
Researchers at Kaspersky have discovered a rise in the number of criminals targeting Linux, which is often thought to be safer and more secure than other operating systems.
But the company discovered a rise in attacks designed to specifically damage Linux systems as criminals go after bigger and bolder gains.
Kaspersky says the trend in attacks is particularly worrying as more organisations choose Linux for strategically important servers and systems over Windows.
However, the company found Linux systems could potentially be at risk from advanced persistent threats (APTs) and targeted attacks from hackers that have created specifically Linux-focused tools.
Kaspersky says that over a dozen APT actors, including dangerous threat groups such as Lazarus, have been observed to use Linux malware or some Linux-based modules in recent years, diversifying their attacks across multiple operating systems in a bid to maximize returns.
The company notes that there is a myth that Linux, being a less popular operating system, is unlikely to be targeted by malware. However, this is often not the case, with smaller, more targeted attacks becoming the norm, especially in systems using multiple operating systems, where access to an infected device could allow hackers into endpoints running Windows or macOS.
In the example of Lazarus, which is reportedly based in North Korea, the group used Linux malware to carry out widespread attacks and attempts to target multiple organisations in the US and Europe.
“The trend of enhancing APT toolsets was identified by our experts many times in the past, and Linux-focused tools are no exception,” noted Yury Namestnikov, head of Kaspersky’s Global Research and Analysis Team (GReAT) in Russia.
“Aiming to secure their systems, IT and security departments are using Linux more often than before. Threat actors are responding to this with the creation of sophisticated tools that are able to penetrate such systems. We advise cybersecurity experts to take this trend into account and implement additional measures to protect their servers and workstations.”
In order to stay safe, Kaspersky recommends maintaining a list of trusted software sources, avoiding unencrypted update channels, and not running binaries and scripts from untrusted sources.