Over the first 23 years of this century, the Linux operating system has become as ubiquitous as Windows. Although only 3% of people use it on their laptops and PCs, Linux dominates the Internet of Things, and is also the most popular server OS. You almost certainly have at least one Linux device at home: your Wi-Fi router. But it's highly likely there are actually many more: Linux is often used in smart doorbells, security cameras, baby monitors, network-attached storage (NAS), TVs, and so on.
At the same time, Linux has always had a reputation of being a "trouble-free" OS that requires no special maintenance and is of no interest to hackers. Unfortunately, neither of these things is true of Linux anymore. So what are the threats faced by home Linux devices? Let's consider three practical examples.
Router botnet
By running malware on a router, security camera, or some other device that's always on and connected to the internet, attackers can exploit it for various cyberattacks. The use of such bots is very popular in DDoS attacks. A textbook case was the Mirai botnet, used to launch the largest DDoS attacks of the past decade.
Another popular use of infected routers is running a proxy server on them. Through such a proxy, criminals can access the internet using the victim's IP address and cover their tracks.
Both of these services are constantly in demand in the cybercrime world, so botnet operators resell them to other cybercriminals.
NAS ransomware
Major cyberattacks on large companies with subsequent ransom demands, that is, ransomware attacks, have made us almost forget that this underground industry started with very small threats to individual users. Encrypting your computer and demanding a hundred dollars for decryption: remember that? In a slightly modified form, this threat re-emerged in 2021 and evolved in 2022, but now hackers are targeting not laptops and desktops, but home file servers and NAS. At least twice, malware has attacked owners of QNAP NAS devices (Qlocker, Deadbolt). Devices from Synology, LG, and ZyXEL faced attacks as well. The scenario is the same in all cases: attackers hack publicly accessible network storage via the internet by brute-forcing passwords or exploiting vulnerabilities in its software. Then they run Linux malware that encrypts all the data and presents a ransom demand.
Spying on desktops
Owners of desktop or laptop computers running Ubuntu, Mint, or other Linux distributions should also be wary. "Desktop" malware for Linux has been around for a long time, and now you can even encounter it on official websites. Just recently, we discovered an attack in which some users of the Linux version of Free Download Manager (FDM) were being redirected to a malicious repository, where they downloaded a trojanized version of FDM onto their computers.
To pull off this trick, the attackers hacked into the FDM website and injected a script that randomly redirected some visitors to the official, "clean" version of FDM, and others to the infected one. The trojanized version deployed malware on the computer, stealing passwords and other sensitive information. There have been similar incidents in the past, for example, with Linux Mint images.
It's important to note that vulnerabilities in Linux and popular Linux applications are regularly discovered (here's a list just for the Linux kernel). Therefore, even correctly configured OS tools and access roles don't provide complete protection against such attacks.
Basically, it's no longer advisable to rely on widespread beliefs such as "Linux is less popular and not targeted", "I don't visit suspicious websites", or "just don't work as a root user". Protection for Linux-based workstations must be as thorough as for Windows and macOS ones.
How to protect Linux systems at home
Set a strong administrator password for your router, NAS, baby monitor, and home computers. The passwords for these devices must be unique. Brute-forcing passwords and trying default factory passwords remain popular methods of attacking home Linux devices. It's a good idea to store strong (long and complex) passwords in a password manager so you don't have to type them in manually each time.
Update the firmware of your router, NAS, and other devices regularly. Look for an automatic update feature in the settings; that's very handy here. These updates will protect against common attacks that exploit vulnerabilities in Linux devices.
Disable Web access to the control panel. Most routers and NAS devices allow you to restrict access to their control panel. Ensure your devices cannot be accessed from the internet and are only available from the home network.
Minimize unnecessary services. NAS devices, routers, and even smart doorbells function as miniature servers. They often include additional features like media hosting, FTP file access, printer connections for any home computer, and command-line control over SSH. Keep only the functions you actually use enabled.
Consider limiting cloud functionality. If you don't use the cloud functions of your NAS (such as WD My Cloud) or can do without them, it's best to disable them entirely and access your NAS only over your local home network. Not only will this prevent many cyberattacks, but it will also safeguard you against incidents on the manufacturer's side.
Use specialized security tools. Depending on the device, the names and functions of available tools may vary. For Linux PCs and laptops, as well as some NAS devices, antivirus solutions are available, including regularly updated open-source options like ClamAV. There are also tools for more specific tasks, such as rootkit detection.
For desktop computers, consider switching to the Qubes operating system. It's built entirely on the principles of containerization, allowing you to completely isolate applications from each other. Qubes containers are based on Fedora and Debian.
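As an added example (not code from the original article), here is a small POSIX shell audit that takes a listening-socket list in the layout of `ss -tlnH`, reports which TCP services are bound to every interface (and so may be reachable from outside the home network), and labels them with the NAS and router features discussed above; the sample socket listing and the port-to-feature table are constructed assumptions to be adjusted for your own device.

```shell
#!/bin/sh
# Added example: audit which TCP services a Linux home device exposes on all
# interfaces, so you can decide what to disable or restrict to the LAN.

# Map well-known ports to the features the article mentions. The admin-panel
# ports (5000, 5001, 8080) are common NAS defaults: an assumption, adjust them.
service_name() {
    case "$1" in
        21)   echo "FTP file access" ;;
        22)   echo "SSH command-line control" ;;
        80|443|5000|5001|8080) echo "web control panel" ;;
        445)  echo "SMB file sharing" ;;
        631)  echo "printer sharing (CUPS)" ;;
        8200) echo "media server (DLNA)" ;;
        *)    echo "unknown service, check what is listening" ;;
    esac
}

# Print "port<TAB>feature" for each socket bound to a wildcard address
# (0.0.0.0, * or [::]); sockets bound to loopback or to one LAN address
# are already limited and are skipped.
exposed_listeners() {
    # $1 = text in `ss -tlnH` column order; the local address is column 4
    printf '%s\n' "$1" | awk '{ print $4 }' | while IFS= read -r local; do
        port="${local##*:}"
        host="${local%:*}"
        case "$host" in
            0.0.0.0|'*'|'[::]') printf '%s\t%s\n' "$port" "$(service_name "$port")" ;;
        esac
    done
}

# Number of exposed listeners, handy for a quick pass/fail check.
count_exposed() {
    exposed_listeners "$1" | wc -l | tr -d ' '
}

# Constructed sample, in `ss -tlnH` column order (State Recv-Q Send-Q Local Peer).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22        0.0.0.0:*
LISTEN 0 128 127.0.0.1:631      0.0.0.0:*
LISTEN 0 5   0.0.0.0:21         0.0.0.0:*
LISTEN 0 511 *:5000             *:*
LISTEN 0 50  192.168.1.10:445   0.0.0.0:*
LISTEN 0 128 [::]:8200          [::]:*'

exposed_listeners "$SAMPLE_SS"
```

On a real device, feed it live data with `exposed_listeners "$(ss -tlnH)"`; anything listed that you do not use is a candidate for switching off, and a control panel that appears here should be restricted to the home network.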
Source: kaspersky.com