Linux is perceived to have fewer security vulnerabilities than systems like Windows. However, that doesn’t mean users shouldn’t remain alert to the threat of Drovorub malware, especially when using RDP.
Linux remains popular among users who view it as faster and more secure than Windows, Android, and other operating systems. Many government organizations rely on Linux for that reason, and it is also growing in popularity in the commercial and education sectors. However, a recent alert issued by the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) makes it clear that even Linux users aren’t safe from the threat of a malware attack. The warning outlined the dangers presented to Linux systems by the malware Drovorub.
Exploitation of RDP Vulnerabilities
The changing needs of businesses, schools, and government institutions have people relying more and more on Remote Desktop Protocol (RDP) to access remote desktops and accomplish tasks necessary for their organizations. Many companies have employees using RDP to remote into Windows systems from a computer running Linux, and vice versa.
Concerns around the security of ports used for RDP connections have persisted since the introduction of the technology. Those vulnerabilities are precisely what the Drovorub malware looks to exploit. Per the report issued by the NSA and the FBI, the origins of the malware can be traced back to the same Russian hackers responsible for attacks on other business and government platforms.
Many organizations fail to properly secure their RDP setup, giving hackers an entry point they can bombard with stolen user credentials until they find the right combination. Once they’re in, those same credentials end up sold to other hackers, leaving institutions exposed to future cyberattacks.
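The credential-bombardment pattern described above leaves a clear trace in a host's authentication log: many failed logins from one source in a short time, often cycling through several usernames. The following is an added example of detection logic, not code from the original post or from the NSA/FBI advisory. It assumes the OpenSSH "Failed password" line format that a Linux host writes to its auth log; the sample log lines, hostnames and IP addresses are constructed for the example, and the threshold and window values are illustrative choices. The same sliding-window check applies to an xrdp log or Windows logon-failure events once the parser is swapped for that format.

```python
"""Flag source addresses that burst failed remote logins on a Linux host."""
import re
from collections import defaultdict
from datetime import datetime

# Assumed input: OpenSSH sshd failure lines as written to a syslog-style
# auth log (timestamp, host, process[pid], message).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)

# Constructed sample log: one source hammers three accounts within 30 seconds,
# a second source has two isolated failures and one success, plus an
# unrelated cron line that the parser must ignore.
SAMPLE_LOG = """\
Aug 14 09:00:01 srv1 sshd[2301]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Aug 14 09:00:04 srv1 sshd[2302]: Failed password for root from 203.0.113.5 port 51236 ssh2
Aug 14 09:00:09 srv1 sshd[2303]: Failed password for invalid user oracle from 203.0.113.5 port 51240 ssh2
Aug 14 09:00:15 srv1 sshd[2304]: Failed password for root from 203.0.113.5 port 51242 ssh2
Aug 14 09:00:22 srv1 sshd[2305]: Failed password for invalid user admin from 203.0.113.5 port 51250 ssh2
Aug 14 09:00:31 srv1 sshd[2306]: Failed password for root from 203.0.113.5 port 51255 ssh2
Aug 14 09:01:10 srv1 sshd[2310]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Aug 14 09:01:40 srv1 sshd[2311]: Accepted password for alice from 198.51.100.9 port 40001 ssh2
Aug 14 09:05:00 srv1 sshd[2320]: Failed password for bob from 198.51.100.9 port 40100 ssh2
Aug 14 09:05:02 srv1 CRON[2330]: pam_unix(cron:session): session opened for user root by (uid=0)
"""


def parse_failures(lines, year=2020):
    """Return (timestamp, source_ip, username) for every failed-login line.

    Syslog timestamps carry no year, so the caller supplies one (assumed 2020
    here to match the sample).
    """
    events = []
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue  # successes, cron, and other daemons are not failures
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"]))
    return events


def find_bursts(events, threshold=5, window_seconds=60):
    """Return {ip: (total_failures, sorted_usernames)} for sources that
    produced at least `threshold` failures inside any `window_seconds` span."""
    by_ip = defaultdict(list)
    for ts, ip, user in events:
        by_ip[ip].append((ts, user))

    flagged = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        start, peak = 0, 0
        # Sliding window over the time-ordered attempts from this source.
        for end in range(len(attempts)):
            while (attempts[end][0] - attempts[start][0]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = (len(attempts), sorted({u for _, u in attempts}))
    return flagged


def analyze(log_text=SAMPLE_LOG):
    """Convenience entry point: parse a log and return the flagged sources."""
    return find_bursts(parse_failures(log_text.splitlines()))


if __name__ == "__main__":
    for ip, (count, users) in analyze().items():
        print(f"{ip}: {count} failed logins, accounts tried: {', '.join(users)}")
```

Flagging on a burst rather than a raw count keeps a user who mistypes a password twice an hour out of the alert, while a source that rotates through several account names in under a minute is reported together with the list of accounts it tried, which is the first thing an analyst wants when deciding whether any of those credentials must be reset.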
Why Drovorub is a Threat to Linux Users
Drovorub is a full-featured malware toolkit designed to target Linux. It consists of four main components designed to hide inside infected systems.
Hackers use Drovorub to seize control of an organization’s systems. They may demand a ransom before they give back control, steal valuable information to sell to other interested parties, or implant other malware that impairs the institution’s ability to function.
Protecting Linux Systems Against Drovorub
There are many different Linux remote-access clients in use by various institutions, with support for protocols like SSH, RDP, VNC, and NX. There are also some best practices organizations can follow to better protect their Linux systems from infestation by Drovorub malware and other cyber threats, including:
Other steps institutions can take to secure Linux systems include limiting API access, putting audit processes in place, and granting only the minimum access needed to perform a job function. Every organization running Linux should remain aware of the evolution of Drovorub and other malware targeting Linux systems.
NSA flickr photo by Mario A. P. shared under a Creative Commons (BY-SA) license