Never-before-seen Linux malware gets installed using 1-day exploits
Submitted 8 months ago by catculation@lemmy.zip to technology@lemmy.world
https://arstechnica.com/?p=2009493
Comments
octopus_ink@lemmy.ml 8 months ago
Did I miss the bit where they said how it was delivered?
UnityDevice@startrek.website 8 months ago
Seems it’s exploiting vulnerabilities in some software called “Ivanti Connect Secure VPN”, so unless you’re running that, you’re safe I guess. Says in the past they used vulnerabilities in “Qlik Sense” and Adobe “Magento”. Never heard of any of those, but I guess maybe some businesses use them?
Macros@feddit.de 8 months ago
Ivanti Connect Secure VPN
So it's spreading via closed-source VPN software. Why should you even use that when there is great VPN software available on Linux which has worked reliably for decades?
Well of course you miss zero trust connections, multi-cloud readiness, award‑winning security and proven secure corporate access …
TonyTonyChopper@mander.xyz 8 months ago
My university has us use Ivanti to connect to our network from offsite…
LodeMike@lemmy.today 8 months ago
“Linux isn’t more secure than Windows! It has vulnerabilities”
The Linux vulnerability: ^
Zozano@lemy.lol 8 months ago
I pay for ProtonVPN, and I still run my traffic through OpenVPN.
Hate to victim blame, but unless you’re going to audit every line of code yourself, don’t use obscure software.
kingorgg@feddit.uk 8 months ago
Magento is the e-commerce platform. Adobe acquired it in 2018. Quite a few businesses use it.
JasonDJ@lemmy.zip 8 months ago
ITT people who don’t understand the difference between “privacy” VPNs pitched by influencers and corporate remote access VPN.
This is the latter. Ivanti bought Pulse a few years back. Pulse, iirc, spun out of Juniper and Netscreen.
Ivanti is a huge name in enterprise management. They make LANdesk which has been one of the most widely deployed enterprise endpoint management tools.
Juniper is one of the biggest names in enterprise and service-provider networks.
peak_dunning_krueger@feddit.de 8 months ago
That’s not good, but it’s not like we can switch to a more secure alternative. ;)
Rooki@lemmy.world 8 months ago
If your distro is affected distro hop to a secure distro and hop back if it is patched ;D
BeigeAgenda@lemmy.ca 8 months ago
Arch! Too much work, then I have to invest in long socks and shave my legs.
qaz@lemmy.world 8 months ago
There is a difference in terms of security between distros. SELinux profiles, proper polkit policies, etc.
Kbobabob@lemmy.world 8 months ago
Or, don’t use the affected software?
Chocrates@lemmy.world 8 months ago
Damn, the end of security through obscurity on my Linux box?
kylian0087@lemmy.world 8 months ago
Not exactly. Still miles ahead in terms of security compared to Windows. We have things like sandboxing, SELinux/AppArmor and more.
interdimensionalmeme@lemmy.ml 8 months ago
I just run everything as root because I have better things to do than hunt permission errors
autotldr@lemmings.world [bot] 8 months ago
This is the best summary I could come up with:
Researchers have unearthed Linux malware that circulated in the wild for at least two years before being identified as a credential stealer that’s installed by the exploitation of recently patched vulnerabilities.
Last Friday, Checkpoint Research revealed that the Linux version has existed since at least the same year, when it was uploaded to the VirusTotal malware identification site.
Checkpoint went on to conclude that Magnet Goblin—the name the security firm uses to track the financially motivated threat actor using the malware—has installed it by exploiting “1-days,” which are recently patched vulnerabilities.
“Magnet Goblin, whose campaigns appear to be financially motivated, has been quick to adopt 1-day vulnerabilities to deliver their custom Linux malware, NerbianRAT and MiniNerbian,” Checkpoint researchers wrote.
In the past, Magnet Goblin has installed the malware by exploiting one-day vulnerabilities in Magento, Qlik Sense, and possibly Apache ActiveMQ.
In the course of its investigation into the Ivanti exploitation, Checkpoint found the Linux version of NerbianRAT on compromised servers that were under the control of Magnet Goblin.
The original article contains 453 words, the summary contains 168 words. Saved 63%. I’m a bot and I’m open source!
sleepmode@lemmy.world 8 months ago
Arstechnica looking like a malware proliferating site itself on mobile.
FrankTheHealer@lemmy.world 8 months ago
It’s one of those ones where you have to install niche software and then not keep an eye on what your system is actually doing, isn’t it?
nyan@lemmy.cafe 8 months ago
Actually, that’s pretty much it. According to the article, it attacks a specific piece of ecommerce software (Magento), and I get the impression the attack isn’t viable if the software has all the latest fixes. So it’s dangerous only to a subset of servers.
boatsnhos931@lemmy.world 8 months ago
Oooo I’m really scared
Warl0k3@lemmy.world 8 months ago
As much as I loathe m$, the one thing they got right was forcing casual users (Windows Home) to install security updates as top priority, whether they like it or not. I know we all hate on Windows, and rightly so, but that policy does nullify this particular vector and that is great for the consumer-level users.
(… for the sake of argument let's just pretend Windows doesn't have 10,000 other vulns the malware devs can just exploit instead)
halcyoncmdr@lemmy.world 8 months ago
Also keep in mind that the main reason Windows is targeted for so many exploits is because of the consumer market share. If Linux consumer market share goes up, so will general malware targeting it. We already saw it happen when OSX share increased and Apple had to abandon the whole “Macs don’t get viruses” schtick.
Chozo@fedia.io 8 months ago
It's kinda crazy that Apple got away with spinning "Our products don't sell well enough for this to be a problem" into a marketing point for as long as they did.
rbos@lemmy.ca 8 months ago
Linux has had a long history of worms and viruses, fortunately (sorta) thanks to its server legacy. Dumb and lazy server admins have given it pretty good ‘secure by default’ behaviours and cultures.
Desktop users though: whole different set of challenges.
Molecular0079@lemmy.world 8 months ago
I mean, I don’t think I would mind forced updates if they didn’t take so damned long and fail half the time. And then, just when you think you’ve finished installing all updates, you reboot and there’s more updates! Why can’t they just install it all at once?
Plus, after each major update, Microsoft wastes your time by advertising to you about Edge, Office 365, and OneDrive before they even let you get back into the desktop.
Forced security updates are addressing a symptom but not the root cause, which is that the Windows update process is just painful for a myriad of reasons. In Linux, I run one command, wait 5 minutes, reboot, and I am back to work.
KairuByte@lemmy.dbzer0.com 8 months ago
I legitimately haven’t had a windows update take more than 5 minutes during the reboot phase for years. Most of the time it’s about 30 seconds.
LadyAutumn@lemmy.blahaj.zone 8 months ago
I love that on my Arch setup, I update every single day, usually more than once, and doing so almost never requires me to power cycle my computer.
trolololol@lemmy.world 8 months ago
Reboot? What for, most updates don’t need reboot.
jabjoe@feddit.uk 8 months ago
Market share is only any kind of argument on desktops; Linux dominates servers, routers, and any IoT big enough for an OS. This article is about servers.
For Linux you install unattended-upgrades and security updates are done automatically.
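The comment above leans on unattended-upgrades being installed and configured, and the usual failure mode is that the package is present but the periodic timer is switched off or the security origin is commented out. The following POSIX shell audit check is an added example, not code from the thread or from the unattended-upgrades project. It assumes the two standard Debian/Ubuntu apt config files (`/etc/apt/apt.conf.d/20auto-upgrades` and `/etc/apt/apt.conf.d/50unattended-upgrades`) and looks for the two settings that matter: `APT::Periodic::Unattended-Upgrade "1";` and an uncommented security origin (Ubuntu's `${distro_id}:${distro_codename}-security` or Debian's `label=Debian-Security` pattern). The sample configs it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added audit check (example only): does a Debian/Ubuntu host actually have
# automatic security updates switched on, or is unattended-upgrades merely installed?
#
# check_auto_upgrades PERIODIC_FILE UNATTENDED_FILE
#   returns 0 when both the periodic run is enabled and a security origin is
#   active (not commented out with //), 1 otherwise.
check_auto_upgrades() {
    periodic="$1"
    unattended="$2"
    [ -r "$periodic" ] && [ -r "$unattended" ] || return 1
    # The daily apt timer must be told to run unattended-upgrade ("1", not "0").
    grep -Eq '^[[:space:]]*APT::Periodic::Unattended-Upgrade[[:space:]]+"1";' "$periodic" || return 1
    # A security origin must be present on a non-comment line: either the Ubuntu
    # "${distro_id}:${distro_codename}-security" entry or Debian's
    # "origin=Debian,...,label=Debian-Security" pattern.
    grep -Eq '^[[:space:]]*"[^"]*(-security|Debian-Security)[^"]*";' "$unattended" || return 1
    return 0
}

# write_samples DIR: constructed sample configs (not copied from any real host)
# so the check can be exercised offline. "good-*" is a correct pair, "bad-*" has
# the timer disabled and the security origin commented out.
write_samples() {
    d="$1"
    printf 'APT::Periodic::Update-Package-Lists "1";\nAPT::Periodic::Unattended-Upgrade "1";\n' \
        > "$d/good-20auto-upgrades"
    printf 'Unattended-Upgrade::Allowed-Origins {\n    "${distro_id}:${distro_codename}";\n    "${distro_id}:${distro_codename}-security";\n};\n' \
        > "$d/good-50unattended-upgrades"
    printf 'APT::Periodic::Update-Package-Lists "1";\nAPT::Periodic::Unattended-Upgrade "0";\n' \
        > "$d/bad-20auto-upgrades"
    printf 'Unattended-Upgrade::Allowed-Origins {\n    "${distro_id}:${distro_codename}";\n//  "${distro_id}:${distro_codename}-security";\n};\n' \
        > "$d/bad-50unattended-upgrades"
}

# Demo run against the constructed samples.
sample_dir=$(mktemp -d)
write_samples "$sample_dir"
if check_auto_upgrades "$sample_dir/good-20auto-upgrades" "$sample_dir/good-50unattended-upgrades"; then
    echo "good config: automatic security updates enabled"
fi
if check_auto_upgrades "$sample_dir/bad-20auto-upgrades" "$sample_dir/bad-50unattended-upgrades"; then
    echo "bad config: unexpectedly passed"
else
    echo "bad config: automatic security updates NOT enabled"
fi
```

On a real host call `check_auto_upgrades /etc/apt/apt.conf.d/20auto-upgrades /etc/apt/apt.conf.d/50unattended-upgrades` (as a user that can read those files). The check only inspects configuration; it does not confirm that the `apt-daily-upgrade.timer` systemd unit is active, so pair it with `systemctl is-active apt-daily-upgrade.timer` on systemd hosts. Note that none of this helps with a vendor appliance such as the VPN product discussed in the thread, whose patches come from the vendor rather than from apt.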
root@precious.net 8 months ago
The problem with Windows Updates is that they force new ‘features’ on you along with the patches.
With Linux you get to choose how bleeding edge you want to be, and can generally avoid the monetization crap.
THE_ANTIHERO@lemmy.today 8 months ago
I didn't think Linux had monetization, do they?
jaschen@lemm.ee 8 months ago
I remember when OSX barely had any viruses and malware. Then their user base went up and more malware started to appear.
I’m starting to think virus and malware creators only want to focus on making things that will actually be used. Linux being not one of them.
linearchaos@lemmy.world 8 months ago
Even if you don’t pretend it’s way down from where it used to be.
spez_@lemmy.world 8 months ago
I don’t want to install security updates. You cannot and will not force me. Case closed.
Warl0k3@lemmy.world 8 months ago
I have no idea if this is satire or not. Well done.