Author Topic: Linux Security Systems Nation Wide Under Attack  (Read 83 times)

Offline buster

  • Posting Member
  • Hero Member
  • Posts: 956
Linux Security Systems Nation Wide Under Attack
« on: August 13, 2020, 01:20:27 pm »
Here's an excerpt from the article:

“This malware represents a very significant threat,” Keppel Wood, chief operations officer in the NSA’s cybersecurity directorate, said in an interview. She added that national security systems, the Department of Defense, the defense industrial base and the larger cybersecurity community rely on Linux-based systems, meaning that “this threat has potential to be widespread, especially if network defenders don’t take action against it.”

Here is the article:

https://www.bnnbloomberg.ca/fbi-and-nsa-disclose-malware-used-by-russia-s-fancy-bear-1.1479637


Administrator Note: We have a security section under Linux. That is the place to put topics like this. So I've moved it. :)
« Last Edit: August 15, 2020, 05:52:26 pm by Jason Wallwork »
"With all due respect John I am head of IT and I have it on good authority if you type 'Google' into Google you can break the internet, so please no one try it, even for a joke." ( Jen on 'The IT Crowd' )

Offline Jason Wallwork

  • President
  • Administrator
  • Hero Member
  • Posts: 2975
Re: Linux Security Systems Nation Wide Under Attack
« Reply #1 on: August 15, 2020, 06:01:51 pm »
Scary. As long as servers are updated, we're fine, but so many system admins don't update them. It doesn't mention exactly how it gets control of a system, but it must be some flaw. This article from Ars Technica explains more about why it's dangerous: that it is used to create a launchpad to attack other servers with more interesting information on them. I'm guessing this technique makes it very difficult to find the origins of the actual attacks.

What's really scary to me is the other things that the Russian group is doing like:

In August, Microsoft reported that the group had been hacking printers, video decoders, and other so-called Internet-of-things devices and using them as a beachhead to penetrate the computer networks they were connected to. In 2018, researchers from Cisco’s Talos group uncovered APT 28’s infection of more than 500,000 consumer-grade routers in 54 countries that could then be used for a range of nefarious purposes.

There are so many IoT (Internet of Things) devices out there that are either not patched or can't even be patched and there will be an increasing number of them. Add routers to that and it's like a virtual army.
"With all its sham, drudgery, and broken dreams, it is still a beautiful world." - Max Ehrmann, Desiderata