The Linux Turla worm
There is a common misconception that Linux systems are secure “by default”, and whilst it’s true that the operating system’s model of user and file permissions is robust, it’s a dangerous mistake to assume that a system is secure just because it’s running Linux.
If you’re thinking right now “I’m a Windows business, this doesn’t affect me…” then think again. Linux is ubiquitous as a web server, DNS server and email server, and is widely used in cloud hosting, storage, telephony and other infrastructure environments that your business probably relies on. Regardless of what your own desktops, laptops, and servers are running, Linux is a part of your business.
It pays, therefore, to keep an eye on what’s going on in the Linux security space, and make sure that the services that your business may rely upon are as secure as they should be.
After Shellshock and Heartbleed, both Linux security issues that affect users and businesses regardless of their “home” operating system because of their impact on widely used cloud services, this month we witnessed the revelation that the “Turla” worm has been infecting Linux systems for years. Already known to exist on the Windows platform, Turla is an extremely advanced piece of malware that is believed to have been “state sponsored”. Last week, however, Kaspersky Lab revealed that they had detected a version of Turla running on Linux systems. Circumventing Linux’s permissions model so that it could be run from a normal user’s account, and able to cloak itself from detection by Linux administration tools such as netstat, the Linux version of Turla is one of the most staggering threats to hit the Linux platform to date.
Whilst the average UK business isn’t the target of Turla, the fact that this trojan exists and is hoovering up network data on Linux systems means that there is a very good chance that some of your data could have been sucked up along with whatever it is that the mysterious makers of Turla (and their alleged state sponsors) are really looking for.
If your data lives in a cloud environment or if you use any kind of shared hosting, you should be talking to your provider now to ensure that they are up to date with the latest security patches and anti-virus, and that their Linux environments are Turla-free.