
Does IceFire Ransomware Portend a Broader Shift From Windows to Linux? (darkreading.com)

An anonymous reader shares this report from Dark Reading: In recent weeks, hackers have been deploying the "IceFire" ransomware against Linux enterprise networks, a noted shift for what was once a Windows-only malware.

A report from SentinelOne suggests that this may represent a budding trend. Ransomware actors have been targeting Linux systems more than ever in cyberattacks in recent weeks and months, notable not least because "in comparison to Windows, Linux is more difficult to deploy ransomware against, particularly at scale," Alex Delamotte, security researcher at SentinelOne, tells Dark Reading....

"[M]any Linux systems are servers," Delamotte points out, "so typical infection vectors like phishing or drive-by download are less effective." So instead, recent IceFire attacks have exploited CVE-2022-47986 — a critical remote code execution (RCE) vulnerability in the IBM Aspera data transfer service, with a CVSS rating of 9.8.

Delamotte posits a few reasons for why more ransomware actors are choosing Linux as of late. For one thing, she says, "Linux-based systems are frequently utilized in enterprise settings to perform crucial tasks such as hosting databases, Web servers, and other mission-critical applications. Consequently, these systems are often more valuable targets for ransomware actors due to the possibility of a larger payout resulting from a successful attack, compared to a typical Windows user."

A second factor, she guesses, "is that some ransomware actors may perceive Linux as an unexploited market that could yield a higher return on investment."

While previous reports had IceFire targeting tech companies, SentinelLabs says they've seen recent attacks against organizations "in the media and entertainment sector," impacting victims "in Turkey, Iran, Pakistan, and the United Arab Emirates, which are typically not a focus for organized ransomware actors."
  • by Anonymous Coward
    You are welcome.
  • ... Before I can get a good Photoshop replacement on Linux.

  • You are conflating Linux on servers, which is incredibly common, with Linux on the desktop, where it isn't.

    • by tbords ( 9006337 )

      You are conflating Linux on servers, which is incredibly common, with Linux on the desktop, where it isn't.

      The kernel is the same in both instances. The same software can run on both desktop and server, though the server often is run headless.

  • I wouldn't be surprised if they're first phishing non-technical users, then using credentials / access gained from that to get at more privileged systems where they can then leverage local privilege escalation exploits.

    In which case these issues would be as much about auditing / managing / limiting which accounts really need access to critical systems as anything else. Does your CEO really need the ability to log into your control systems?

  • how many people use IBM's Aspera data transfer service? I noticed it some years ago (at my job) and called IBM about it. After a one hour teleconference with 5 (presumably highly-paid) IBM reps, I learned that it's not much better than tuned BBCP or the like, and it's hella-expensive... I would never recommend it.
  • While on many operating system environments users are downloading installers from dubious websites or "App-Stores" with no quality standards, software distribution on most Linux-systems is a lot different.
    There you have your distribution. Most end users will never have to install software from outside that distribution. You have your package manager and it contains a curated set of software. There are typically minimal standards set by your distribution, which keeps out deliberate malware. Nobody enters "so

    • If you have end-users installing applications on their desktops, you've recreated the very worst part of Windows XP "security" in Linux (every user an admin)! Congratulations!

      • by bn-7bc ( 909819 )
        Without putting words into Casandros' mouth, I think the end users in question are meant to refer to the computer's owner (usually, in a home environment, this is the same computer's only user) and not to a user account vs. a root account. And anyway, if the root user and the non-root user are different persons, the person with the root privileges has to trust the non-root user enough to add them to the sudoers file / assign the needed SELinux privileges.
  • “IBM Aspera Faspex 4.4.2 Patch Level 1 [nist.gov] and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.”
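The advisory quoted above names the bug class, a YAML deserialization flaw, without showing what that means in code. The following is an added illustration, not code from Slashdot, IBM or the Faspex product, and the page does not establish which language or YAML library Faspex uses; Ruby's Psych library is chosen here only because it makes the flaw class easy to see. The `TransferJob` class and both YAML documents are constructed for this example. The point for defenders: an unrestricted YAML load lets the document, not the application, decide which classes get instantiated, while `safe_load` with an explicit allow-list rejects unexpected type tags.

```ruby
require 'yaml'

# Harmless application class, constructed for this example. With an
# unrestricted load, any document that names this class (or any other class
# loaded in the process) can ask the parser to instantiate it.
class TransferJob
  attr_accessor :path, :owner
  def initialize(path = nil, owner = nil)
    @path = path
    @owner = owner
  end
end

# Constructed sample input: the shape a job record is expected to have...
BENIGN_DOC = "path: /data/report.csv\nowner: alice\n".freeze

# ...and the same fields carrying a YAML type tag that requests a Ruby object.
TAGGED_DOC = "--- !ruby/object:TransferJob\npath: /data/report.csv\nowner: mallory\n".freeze

# Unrestricted load: in Psych 4 (Ruby 3.1+) this is YAML.unsafe_load; in
# older Psych plain YAML.load has the same unrestricted behaviour.
def load_unrestricted(doc)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(doc) : YAML.load(doc)
end

# Hardened load: only core scalar/collection types, no aliases, no custom
# classes. Any type tag the allow-list does not cover raises
# Psych::DisallowedClass instead of building an object.
def load_restricted(doc, permitted = [])
  YAML.safe_load(doc, permitted_classes: permitted, aliases: false)
end

# Returns :parsed when the hardened loader accepts the document and
# :rejected when it refuses a type tag, so callers can log or alert on it.
def restricted_outcome(doc, permitted = [])
  load_restricted(doc, permitted)
  :parsed
rescue Psych::DisallowedClass
  :rejected
end

if __FILE__ == $PROGRAM_NAME
  puts "unrestricted, tagged doc -> #{load_unrestricted(TAGGED_DOC).class}"
  puts "restricted,   tagged doc -> #{restricted_outcome(TAGGED_DOC)}"
  puts "restricted,   benign doc -> #{restricted_outcome(BENIGN_DOC)}"
  puts "restricted + allow-list  -> #{restricted_outcome(TAGGED_DOC, [TransferJob])}"
end
```

The last call shows the allow-list working as intended: if an application genuinely needs to deserialize `TransferJob`, it names that class explicitly and nothing else is reachable through the parser. Removing an obsolete endpoint, as the advisory describes, closes one path to the vulnerable parse; switching every remaining load to the restricted form removes the flaw class itself.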
  • "can transfer data up to 100x faster than FTP and HTTP" I'd better get right on this!
  • As more and more incompetent boobs use Linux to do more and more childish stupid shit, it will be more successfully targeted by malware. Its present saving grace (the same thing that protects "big iron") is that the incompetent children are relegated to playing their childish endeavours at the children's table using children's toys. The malware stays where it is most effective -- targeting the children and their silly games.

    The interesting thing is that the problem is not the Operating System but rather t
