Cyber security news for all

    FBI and NSA warn in a joint report about previously unknown Linux malware

    The NSA has published some details about previously undiscovered Linux malware that a Russian intelligence service is currently using for targeted attacks.

    The US security authorities equate with the attacker group. The group APT 28, which according to the Federal Government also belongs to Russian intelligence with near certainty, is held responsible by the BSI for the break-in. According to a press release from the FBI and NSA, national security systems and customers of the defense industry are at risk of being hacked if they use Linux. The authorities do not name any further or more specific targets.

    One of the main tasks of the modular Linux malware is to communicate with the attackers' command-and-control server. According to the report, Drovorub also serves as a kind of intermediary in the target network, through which the attacker can then reach other systems in the attacked network. Its upload and download functions make it possible to exfiltrate sensitive data as well as to load additional malicious code. Drovorub also includes a shell module that allows attackers to remotely execute commands with root privileges.

    FBI and NSA Advise Linux Admins To Use 3.7 Kernel Version

    With regard to preventive measures against the attackers' invisible presence on Linux servers, the extensive report is very brief. The FBI and NSA advise admins to use the 8-year-old kernel version and to regularly install all available software updates. The 3.7 version can sign kernel modules and check the signature before loading to ensure that they are intact. Admins should configure their systems so that only modules with a valid signature can be loaded. As the authorities emphasize in the report, the measures mentioned help against the malware hiding itself on the system, but not against the actual compromise that takes place before the kit is installed. Since the entry points for targeted attacks can differ greatly from case to case, there is unfortunately no magic solution here.
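An added example, not part of the original article or the FBI/NSA report: a shell check of whether a host only loads signed kernel modules, as the paragraph above recommends. It assumes the kernel build config is stored at /boot/config-<release>, which varies by distribution; the function names are hypothetical.

```shell
#!/bin/sh
# Audit kernel module signature enforcement (added example).
# File paths are parameters so the checks can run on sample files.
# Not covered: kernel lockdown or Secure Boot policy, which can also
# force signature checks.

# Prints one of:
#   enforced    - only validly signed modules can be loaded
#   optional    - signing is built in, but unsigned modules still load
#   unsupported - kernel was built without module signing
#   unknown     - build config not readable
modsig_state() {  # $1 = kernel config file, $2 = sig_enforce parameter file
    config=${1:-/boot/config-$(uname -r)}   # assumed location
    param=${2:-/sys/module/module/parameters/sig_enforce}
    [ -r "$config" ] || { echo unknown; return; }
    # Without CONFIG_MODULE_SIG nothing is verified, whatever the
    # runtime parameter says.
    grep -q '^CONFIG_MODULE_SIG=y' "$config" || { echo unsupported; return; }
    if grep -q '^CONFIG_MODULE_SIG_FORCE=y' "$config" ||
       { [ -r "$param" ] && [ "$(cat "$param")" = "Y" ]; }; then
        echo enforced
    else
        echo optional
    fi
}

# Succeeds if the kernel taint mask has bit 13 (flag 'E') set, meaning an
# unsigned module has been loaded since boot.
unsigned_module_loaded() {  # $1 = taint value (default: live kernel)
    taint=${1:-$(cat /proc/sys/kernel/tainted 2>/dev/null || echo 0)}
    [ $(( ($taint >> 13) & 1 )) -eq 1 ]
}

modsig_report() {
    echo "module signing: $(modsig_state)"
    if unsigned_module_loaded; then
        echo "taint flag E set: an unsigned module was loaded since boot"
    fi
}

# Run the report only when asked, e.g.: sh modsig.sh --report
if [ "${1:-}" = "--report" ]; then modsig_report; fi
```

A result of "optional" means the configuration the article recommends is not yet in place; booting with `module.sig_enforce=1` on the kernel command line switches such a kernel to enforcing.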
