In response to the news that Linux.Lady, a Go-based Linux Trojan that mines cryptocurrency, has been uncovered by researchers Ken Bechtel, Malware Research Analyst at Tenable Network Security commented below.
Ken Bechtel, Malware Research Analyst at Tenable Network Security:
“This is far from the first Linux malware; there have been Linux viruses, Trojans, backdoors and worms dating back to the ’80s. While these often are overlooked as annoying, they are out there and exist. The reason they are not more prevalent is that the Linux Operating System is not as common as Microsoft or Apple’s versions. In reality every operating system, dating back to CPM has at least one piece of malware written for the platform. In this case, my best guess would be that the malware authors were looking for a new venue of cryptocurrency mining and to leverage under-protected devices so as to leapfrog into an organization. This can also be leveraged for future attacks against other devices on the compromised network, once a reconnaissance is carried out.
“Organisation should remember to treat the Linux devices within the organization like every other computing device. It’s also critical to install and maintain host security products and harden the operating system. If necessary, due to lack of native scanners, leverage anti-malware products to remote scan the device periodically, per industry best practices.
“I hope this reminds network managers and security administrators that ALL devices are vulnerable to attack and that just because the threat is not as prevalent as on Windows, that doesn’t mean it’s immune to attack. Many people have said “I don’t need Anti-Virus, I run Linux/Mac/etc.,” and every few years I like to remind people this isn’t the case, and that all devices need to be protected.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…