mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-02-03 23:40:14 +08:00
geekpi
GitHub
commit
1d9cdbd9b1
@ -1,101 +0,0 @@
|
||||
translating---geekpi
|
||||
|
||||
IoT Fuels Growth of Linux Malware
|
||||
============================================================
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
[**Managing Your Intellectual Property Integrity During M&A Transactions**][7]
|
||||
[][8]Flexera Software presents best practices and methodology for the technical due diligence auditing process.
|
||||
**[Download the White Paper][3]**
|
||||
|
||||
Malware targeting Linux systems is growing, largely due to a proliferation of devices created to connect to the Internet of Things.
|
||||
|
||||
That is one of the findings in a report [WatchGuard Technologies][4], a maker of network security appliances, released last week.
|
||||
|
||||
The report, which analyzes data gathered from more than 26,000 appliances worldwide, found three Linux malware programs in the top 10 for the first quarter of the year, compared with only one during the previous period.
|
||||
|
||||
"Linux attacks and malware are on the rise," wrote WatchGuard CTO Corey Nachreiner and Security Threat Analyst Marc Laliberte, coauthors of the report. "We believe this is because systemic weaknesses in IoT devices, paired with their rapid growth, are steering botnet authors towards the Linux platform."
|
||||
|
||||
However, "blocking inbound Telnet and SSH, along with using complex administrative passwords, can prevent the vast majority of potential attacks," they suggested.
|
||||
|
||||
### New Avenue for Hackers
|
||||
|
||||
Linux malware began growing at the end of last year with the Mirai botnet, observed Laliberte. Mirai made a splash in September when it was used to attack part of the Internet's infrastructure and knock millions of users offline.
|
||||
|
||||
"Now, with IoT devices skyrocketing, a whole new avenue is opening up to attackers," he told LinuxInsider. "It's our belief that the rise we're seeing in Linux malware is going hand in hand with that new target on the Internet."
|
||||
|
||||
Makers of IoT devices haven't been showing a great deal of concern about security, Laliberte continued. Their goals are to make their devices work, make them cheap, and make them quickly.
|
||||
|
||||
"They really don't care about security during the development process," he said.
|
||||
|
||||
### Trivial Pursuits
|
||||
|
||||
Most IoT manufacturers use stripped down versions of Linux because the operating system requires minimal system resources to operate, said Paul Fletcher, cybersecurity evangelist at [Alert Logic][5].
|
||||
|
||||
"When you combine that with the large quantity of IoT devices being connected to the Internet, that equals a large volume of Linux systems online and available for attack," he told LinuxInsider.
|
||||
|
||||
In their desire to make their devices easy to use, manufacturers use protocols that are also user-friendly for hackers.
|
||||
|
||||
"Attackers can gain access to these vulnerable interfaces, then upload and execute the malicious code of their choice," Fletcher said.
|
||||
|
||||
Manufacturers frequently have poor default settings for their devices, he pointed out.
|
||||
|
||||
"Often, admin accounts have blank passwords or easy-to-guess default passwords, such as 'password123,'" Fletcher said.
|
||||
|
||||
The security problems often are "nothing Linux-specific per se," said Johannes B. Ullrich, chief research officer at the [SANS Institute][6].
|
||||
|
||||
"The manufacturer is careless on how they configured the device, so they make it trivial to exploit these devices," he told LinuxInsider.
|
||||
|
||||
### Malware in Top 10
|
||||
|
||||
These Linux malware programs cracked the top 10 in WatchGuard's tally for the first quarter:
|
||||
|
||||
* Linux/Exploit, which catches several malicious trojans used to scan systems for devices that can be enlisted into a botnet.
|
||||
|
||||
* Linux/Downloader, which catches malevolent Linux shell scripts. Linux runs on many different architectures, such as ARM, MIPS and traditional x86 chipsets. An executable compiled for one architecture will not run on a device running a different one, the report explains. Thus, some Linux attacks exploit dropper shell scripts to download and install the proper malicious components for the architecture they are infecting.
|
||||
|
||||
* Linux/Flooder, which catches Linux distributed-denial-of-service tools, such as Tsunami, used to perform DDoS amplification attacks, as well as DDoS tools used by Linux botnets like Mirai. "As the Mirai botnet showed us, Linux-based IoT devices are a prime target for botnet armies," the report notes.
|
||||
|
||||
### Web Server Battleground
|
||||
|
||||
A shift in how adversaries are attacking the Web has occurred, the WatchGuard report notes.
|
||||
|
||||
At the end of 2016, 73 percent of Web attacks targeted clients -- browsers and supporting software, the company found. That radically changed during the first three months of this year, with 82 percent of Web attacks focused on Web servers or Web-based services.
|
||||
|
||||
"We don't think drive-by download style attacks will go away, but it appears attackers have focused their efforts and tools on trying to exploit Web server attacks," report coauthors Nachreiner and Laliberte wrote.
|
||||
|
||||
There's been a decline in the effectiveness of antivirus software since the end of 2016, they also found.
|
||||
|
||||
"For the second quarter in a row, we have seen our legacy AV solution miss a lot of malware that our more advanced solution can catch. In fact, it has gone up from 30 percent to 38 percent," Nachreiner and Laliberte reported.
|
||||
|
||||
"Nowadays, cyber criminals use many subtle tricks to repack their malware so that it evades signature-based detection," they noted. "This is why so many networks that use basic AV become victims of threats like ransomware."
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
作者简介:
|
||||
|
||||
John P. Mello Jr. has been an ECT News Network reporter since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the Boston Phoenix, Megapixel.Net and Government Security News. Email John.
|
||||
|
||||
-------------
|
||||
|
||||
via: http://www.linuxinsider.com/story/84652.html
|
||||
|
||||
作者:[John P. Mello Jr ][a]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:john.mello@newsroom.ectnews.com
|
||||
[1]:http://www.linuxinsider.com/story/84652.html?rss=1#
|
||||
[2]:http://www.linuxinsider.com/perl/mailit/?id=84652
|
||||
[3]:http://www.linuxinsider.com/story/84652.html?rss=1
|
||||
[4]:http://www.watchguard.com/
|
||||
[5]:http://www.alertlogic.com/
|
||||
[6]:http://www.sans.org/
|
||||
[7]:http://www.linuxinsider.com/story/84652.html?rss=1
|
||||
[8]:http://www.linuxinsider.com/story/84652.html?rss=1
|
||||
@ -0,0 +1,91 @@
|
||||
物联网对 Linux 恶意软件的助长
|
||||
============================================================
|
||||
|
||||
|
||||
针对 Linux 系统的恶意软件正在增长,这主要是由于连接到物联网设备的激增。
|
||||
|
||||
这是上周发布的网络安全设备制造商 [WatchGuard Technologies][4] 的一篇报告。
|
||||
|
||||
该报告分析了全球 26,000 多件设备收集到的数据,今年第一季度的前 10 中发现了三个针对 Linux 的恶意软件,而上一季度仅有一个。
|
||||
|
||||
WatchGuard 的 CTO Corey Nachreiner 和安全威胁分析师 Marc Laliberte 写道:“Linux 攻击和恶意软件正在兴起。我们相信这是因为 IoT 设备的系统性弱点与其快速增长相结合,它正在将僵尸网络作者转向 Linux 平台。”
|
||||
|
||||
但是,他们建议“阻止入站 Telnet 和 SSH,以及使用复杂的管理密码,可以防止绝大多数潜在的攻击”。
|
||||
|
||||
### 黑客的新大道
|
||||
|
||||
Laliberte 观察到,Linux 恶意软件在去年年底随着 Mirai 僵尸网络开始增长。Mirai 在九月份曾经用来攻击部分互联网的基础设施,使数百万用户离线。
|
||||
|
||||
他告诉 LinuxInsider,“现在,随着物联网设备的飞速发展,一条全新的大道正在向攻击者开放。我们相信,随着互联网上新目标的出现,Linux 恶意软件会逐渐增多。”
|
||||
|
||||
Laliberte 继续说,物联网设备制造商并没有对安全性表现出很大的关注。他们的目标是使他们的设备能够使用、便宜,制造快速。
|
||||
|
||||
他说:“他们真的不关心开发过程中的安全。”
|
||||
|
||||
### 微不足道的追求
|
||||
|
||||
[Alert Logic][5] 的网络安全宣传员 Paul Fletcher说,大多数物联网制造商都使用 Linux 的裁剪版本,因为操作系统需要最少的系统资源来运行。
|
||||
|
||||
他告诉 LinuxInsider,“当你将大量与互联网连接的物联网设备结合在一起时,这相当于在线大量的 Linux 系统,它们可用于攻击。”
|
||||
|
||||
为了使设备易于使用,制造商使用的协议对黑客也是友好的。
|
||||
|
||||
Fletcher 说:“攻击者可以访问这些易受攻击的接口,然后上传并执行他们选择的恶意代码。”
|
||||
|
||||
他指出,厂商经常对设备的默认设置很差。
|
||||
|
||||
Fletcher说:“通常,管理员帐户是空密码或易于猜测的默认密码,例如‘password123’。”
|
||||
|
||||
[SANS 研究所][6] 首席研究员 Johannes B. Ullrich 表示,安全问题通常是“本身不限定 Linux”。
|
||||
|
||||
他告诉L inuxInsider,“制造商对他们如何配置设备不屑一顾,所以他们使这些设备的利用变得微不足道。”
|
||||
|
||||
### 10 大恶意软件
|
||||
|
||||
这些 Linux 恶意软件在 WatchGuard 的第一季度的统计数据中占据了前 10 名:
|
||||
|
||||
* Linux/Exploit,它使用几种木马来扫描可以列入僵尸网络的设备。
|
||||
|
||||
* Linux/Downloader,它使用恶意的 Linux shell 脚本。Linux 运行在许多不同的架构上,如 ARM、MIPS 和传统的 x8 6芯片组。报告解释说,一个根据架构编译的可执行文件不能在不同架构的设备上运行。因此,一些 Linux 攻击利用 dropper shell 脚本下载并安装它们所感染的体系架构的适当恶意组件。
|
||||
|
||||
* Linux/Flooder,它使用了 Linux 分布式拒绝服务工具,如 Tsunami,用于执行 DDoS 放大攻击,以及 Linux 僵尸网络(如 Mirai)使用的 DDoS 工具。报告指出:“正如 Mirai 僵尸网络向我们展示的,基于 Linux 的物联网设备是僵尸网络军队的主要目标。
|
||||
|
||||
### Web 服务器战场
|
||||
|
||||
WatchGuard 报告指出,敌人攻击网络的方式发生了变化。
|
||||
|
||||
公司发现,到 2016 年底,73% 的 Web 攻击针对客户端 - 浏览器和配套软件。今年头三个月发生了彻底改变,82% 的 Web 攻击集中在 Web 服务器或基于 Web 的服务上。
|
||||
|
||||
报告合著者 Nachreiner 和 Laliberte 写道:“我们不认为下载风格的攻击将会消失,但似乎攻击者已经集中力量和工具来试图利用 Web 服务器攻击。”
|
||||
|
||||
他们也发现,自 2006 年底以来,杀毒软件的有效性有所下降。
|
||||
|
||||
Nachreiner 和 Laliberte 报道说:“连续的第二季,我们看到使用传统的杀毒软件解决方案漏掉了使用我们更先进的解决方案可以捕获的大量恶意软件,实际上已经从 30% 上升到了 38%。”
|
||||
|
||||
他说:“如今网络犯罪分子使用许多精妙的技巧来重新包装恶意软件,从而避免了基于签名的检测。这就是为什么使用基本杀毒的许多网络成为诸如赎金软件之类威胁的受害者。”
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
作者简介:
|
||||
|
||||
John P. Mello Jr.自 2003 年以来一直是 ECT 新闻网记者。他的重点领域包括网络安全、IT问题、隐私权、电子商务、社交媒体、人工智能、大数据和消费电子。 他撰写和编辑了众多出版物,包括“波士顿商业杂志”、“波士顿凤凰”、“Megapixel.Net” 和 “政府安全新闻”。给 John 发邮件。
|
||||
|
||||
-------------
|
||||
|
||||
via: http://www.linuxinsider.com/story/84652.html
|
||||
|
||||
作者:[John P. Mello Jr ][a]
|
||||
译者:[geekpi](https://github.com/geekpi)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:john.mello@newsroom.ectnews.com
|
||||
[1]:http://www.linuxinsider.com/story/84652.html?rss=1#
|
||||
[2]:http://www.linuxinsider.com/perl/mailit/?id=84652
|
||||
[3]:http://www.linuxinsider.com/story/84652.html?rss=1
|
||||
[4]:http://www.watchguard.com/
|
||||
[5]:http://www.alertlogic.com/
|
||||
[6]:http://www.sans.org/
|
||||
[7]:http://www.linuxinsider.com/story/84652.html?rss=1
|
||||
[8]:http://www.linuxinsider.com/story/84652.html?rss=1
|
||||
Loading…
Reference in New Issue
Block a user