Cyber security news for all


    FBI and NSA warn in a joint report about previously unknown Linux malware

    The NSA has published some details about a previously undiscovered Linux malware that is currently used by a Russian intelligence service for targeted attacks.

    The US security authorities equate with the attacker group. The group APT 28, which according to the Federal Government also belongs to Russian intelligence with near certainty, is held responsible by the BSI for the break-in. According to a press release from the FBI and NSA, the threat appears to be aimed at national security systems and customers of the defense industry if they use Linux. The authorities do not name any further or more specific targets.

    One of the main tasks of the modular Linux malware is to communicate with the attackers' command and control server. According to the report, Drovorub also serves as a kind of intermediary in the target network, through which the attacker can then reach other systems in the attacked network. Its upload and download functions make it possible to exfiltrate sensitive data as well as to load additional malicious code. Drovorub also includes a shell module that allows attackers to remotely execute commands with root rights.

    FBI and NSA Advise Linux Admins To Use 3.7 Kernel Version

    With regard to preventive measures against the attackers' invisible presence on Linux servers, the extensive report is kept very brief. The FBI and NSA advise admins to use the 8-year-old kernel version and to regularly install all available software updates. The 3.7 version can sign kernel modules and check the signature before loading to ensure that they are intact. Admins should configure their systems so that only modules with a valid signature can be loaded. The measures mentioned, as emphasized by the authorities in the report, help against the malware's hide-and-seek on the system, but not against the actual compromise that takes place before the kit is installed. Since the gateways for targeted attacks can be very different from case to case, there is unfortunately no magic solution here.
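The check below is an added example, not code from the FBI/NSA report: it shows how an admin can verify that a host only loads modules with a valid signature, and which loaded modules were accepted without one. The optional ROOT argument, the `/boot/config-<release>` location of the kernel build config and the script name are assumptions; the fixture used to test it is constructed.

```shell
#!/bin/sh
# Added example, not from the advisory: audit module-signature enforcement.
# Optional ROOT argument (assumption) points at a mounted image or test fixture.

# Prints enforced | permissive | unsupported | unknown; exit 0 only if enforced.
modsig_status() {
    root="${1:-}"
    config="${2:-$root/boot/config-$(uname -r)}"
    param="$root/sys/module/module/parameters/sig_enforce"

    # The parameter exists only on kernels built with CONFIG_MODULE_SIG.
    if [ -r "$param" ]; then
        if [ "$(cat "$param")" = "Y" ]; then
            echo enforced; return 0
        fi
        echo permissive; return 1   # signatures checked, unsigned modules still load
    fi
    # No sysfs (offline image): fall back to the kernel build config.
    if [ -r "$config" ]; then
        if grep -q '^CONFIG_MODULE_SIG_FORCE=y' "$config"; then
            echo enforced; return 0
        elif grep -q '^CONFIG_MODULE_SIG=y' "$config"; then
            echo permissive; return 1
        fi
        echo unsupported; return 1
    fi
    echo unknown; return 1
}

# Lists loaded modules carrying taint flag E (loaded without a valid signature).
unsigned_modules() {
    root="${1:-}"
    for t in "$root"/sys/module/*/taint; do
        [ -r "$t" ] || continue
        case "$(cat "$t")" in
            *E*) basename "$(dirname "$t")" ;;
        esac
    done
}

# Run the audit only when invoked as: sh modsig-audit.sh --check
case "${1:-}" in
    --check) modsig_status; unsigned_modules ;;
esac
```

A kernel-level implant that is already loaded can hide from sysfs, so treat the output as a hardening check and not as proof that a host is clean.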
