{"id":49105,"date":"2023-09-27T10:16:42","date_gmt":"2023-09-27T14:16:42","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=49105"},"modified":"2023-09-27T10:16:42","modified_gmt":"2023-09-27T14:16:42","slug":"linux-at-home-threats-and-protection","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/linux-at-home-threats-and-protection\/49105\/","title":{"rendered":"Three common attacks on Linux in homes"},"content":{"rendered":"<p>Over the first 23 years of this century, the Linux operating system has become as ubiquitous as Windows. Although only 3% of people use it on their laptops and PCs, Linux <a href=\"https:\/\/truelist.co\/blog\/linux-statistics\/\" target=\"_blank\" rel=\"nofollow noopener\">dominates the Internet of Things<\/a>, and is also the most popular server OS. You almost certainly have at least one Linux device at home \u2014 your Wi-Fi router. But it\u2019s highly likely there are actually many more: Linux is often used in smart doorbells, security cameras, baby monitors, network-attached storage (NAS), TVs, and so on.<\/p>\n<p>At the same time, Linux has always had a reputation of being a \u201ctrouble-free\u201d OS that requires no special maintenance and is of no interest to hackers. Unfortunately, neither of these things is true of Linux anymore. So what are the threats faced by home Linux devices? Let\u2019s consider three practical examples.<\/p>\n<h2>Router botnet<\/h2>\n<p>By running malware on a router, security camera, or some other device that\u2019s always on and connected to the internet, attackers can exploit it for various cyberattacks. The use of such bots is very popular in <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/ddos-distributed-denial-of-service-attack\/\" target=\"_blank\" rel=\"noopener\">DDoS attacks<\/a>. 
A textbook case was the <a href=\"https:\/\/www.kaspersky.com\/blog\/attack-on-dyn-explained\/13325\/\" target=\"_blank\" rel=\"noopener nofollow\">Mirai botnet<\/a>, used to launch the largest DDoS attacks of the past decade.<\/p>\n<p>Another popular use of infected routers is <a href=\"https:\/\/thehackernews.com\/2023\/07\/avrecon-botnet-leveraging-compromised.html\" target=\"_blank\" rel=\"nofollow noopener\">running a proxy server on them<\/a>. Through such a proxy, criminals can access the internet using the victim\u2019s IP address and cover their tracks.<\/p>\n<p>Both of these services are constantly in demand in the cybercrime world, so botnet operators resell them to other cybercriminals.<\/p>\n<h2>NAS ransomware<\/h2>\n<p>Major cyberattacks on large companies with subsequent ransom demands, that is, <a href=\"https:\/\/www.kaspersky.com\/blog\/top5-ransomware-groups\/39426\/\" target=\"_blank\" rel=\"noopener nofollow\">ransomware attacks<\/a>, have made us almost forget that this underground industry started with very small <a href=\"https:\/\/noransom.kaspersky.com\/\" target=\"_blank\" rel=\"noopener\">threats to individual users<\/a>. Encrypting your computer and demanding a hundred dollars for decryption \u2014 remember that? In a slightly modified form, this threat re-emerged in 2021 and evolved in 2022 \u2014 but now hackers are targeting not laptops and desktops, but home file servers and NAS. At least twice, malware has attacked owners of QNAP NAS devices (<a href=\"https:\/\/www.qnap.com\/en\/how-to\/tutorial\/article\/manually-install-qrescue-to-recover-qlocker-encrypted-files-on-qnap-nas\" target=\"_blank\" rel=\"nofollow noopener\">Qlocker<\/a>, <a href=\"https:\/\/arstechnica.com\/information-technology\/2022\/09\/new-wave-of-data-destroying-ransomware-attacks-hits-qnap-nas-devices\/\" target=\"_blank\" rel=\"nofollow noopener\">Deadbolt<\/a>). Devices from Synology, LG, and ZyXEL faced attacks as well. 
The scenario is the same in all cases: attackers hack publicly accessible network storage via the internet by brute-forcing passwords or exploiting vulnerabilities in its software. Then they run Linux malware that encrypts all the data and presents a ransom demand.<\/p>\n<h2>Spying on desktops<\/h2>\n<p>Owners of desktop or laptop computers running Ubuntu, Mint, or other Linux distributions should also be wary. \u201cDesktop\u201d malware for Linux has been around <a href=\"https:\/\/securelist.com\/the-myth-of-nix-security\/30511\/\" target=\"_blank\" rel=\"noopener\">for a long time<\/a>, and now you can even encounter it on official websites. Just recently, we discovered an attack in which some <a href=\"https:\/\/securelist.com\/backdoored-free-download-manager-linux-malware\/110465\/\" target=\"_blank\" rel=\"noopener\">users of the Linux version of Free Download Manager (FDM) were being redirected to a malicious repository<\/a>, where they downloaded a trojanized version of FDM onto their computers.<\/p>\n<p>To pull off this trick, the attackers hacked into the FDM website and injected a script that randomly redirected some visitors to the official, \u201cclean\u201d version of FDM, and others to the infected one. The trojanized version deployed malware on the computer, stealing passwords and other sensitive information. There have been similar incidents in the past, for example, <a href=\"https:\/\/securelist.com\/beware-of-backdoored-linux-mint-isos\/73893\/\" target=\"_blank\" rel=\"noopener\">with Linux Mint images<\/a>.<\/p>\n<p>It\u2019s important to note that vulnerabilities in Linux and popular Linux applications are regularly discovered (here\u2019s a <a href=\"https:\/\/www.cvedetails.com\/product\/47\/Linux-Linux-Kernel.html?vendor_id=33\" target=\"_blank\" rel=\"nofollow noopener\">list<\/a> just for the Linux kernel). 
Therefore, even correctly configured OS tools and access roles don\u2019t provide complete protection against such attacks.<\/p>\n<p>Basically, it\u2019s no longer advisable to rely on widespread beliefs such as \u201cLinux is less popular and not targeted\u201d, \u201cI don\u2019t visit suspicious websites\u201d, or \u201cjust don\u2019t work as a root user\u201d. Protection for Linux-based workstations must be as thorough as for Windows and macOS ones.<\/p>\n<h2>How to protect Linux systems at home<\/h2>\n<p><strong>Set a strong administrator password<\/strong> for your router, NAS, baby monitor, and home computers. The passwords for these devices must be unique. Brute-forcing passwords and trying default factory passwords remain popular methods of attacking home Linux devices. It\u2019s a good idea to store <a href=\"https:\/\/www.kaspersky.com\/blog\/strong-password-day\/25519\/\" target=\"_blank\" rel=\"noopener nofollow\">strong (long and complex) passwords<\/a> in a <a href=\"https:\/\/www.kaspersky.com\/password-manager?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____kpm___\" target=\"_blank\" rel=\"noopener nofollow\">password manager<\/a> so you don\u2019t have to type them in manually each time.<\/p>\n<p><strong>Update the firmware of your router, NAS, and other devices regularly.<\/strong> Look for an automatic update feature in the settings \u2014 that\u2019s very handy here. These updates will protect against common attacks that exploit vulnerabilities in Linux devices.<\/p>\n<p><strong>Disable Web access to the control panel.<\/strong> Most routers and NAS devices allow you to restrict access to their control panel. Ensure your devices cannot be accessed from the internet and are only available from the home network.<\/p>\n<p><strong>Minimize unnecessary services.<\/strong> NAS devices, routers, and even smart doorbells function as miniature servers. 
They often include additional features like media hosting, FTP file access, printer connections for any home computer, and command-line control over SSH. Keep only the functions you actually use enabled.<\/p>\n<p><strong>Consider limiting cloud functionality.<\/strong> If you don\u2019t use the cloud functions of your NAS (such as WD My Cloud) or can do without them, it\u2019s best to disable them entirely and access your NAS only over your local home network. Not only will this prevent many cyberattacks, but it will also safeguard you against <a href=\"https:\/\/www.bleepingcomputer.com\/news\/technology\/western-digital-struggles-to-fix-massive-my-cloud-outage-offers-workaround\/\" target=\"_blank\" rel=\"nofollow noopener\">incidents on the manufacturer\u2019s side<\/a>.<\/p>\n<p><strong>Use specialized security tools.<\/strong> Depending on the device, the names and functions of available tools may vary. For Linux PCs and laptops, as well as some NAS devices, antivirus solutions are available, including regularly updated open-source options like ClamAV. There are also tools for more specific tasks, such as rootkit detection.<\/p>\n<p><strong>For desktop computers, consider switching to the Qubes operating system<\/strong>. It\u2019s built entirely on the principles of containerization, allowing you to completely isolate applications from each other. Qubes containers are based on Fedora and Debian.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kpm-download\">\n","protected":false},"excerpt":{"rendered":"<p>Even if you don&#8217;t know it, you probably have devices running Linux at home \u2014 and they need protection too! 
Here are three Linux threats that even IT professionals often forget about.<\/p>\n","protected":false},"author":2722,"featured_media":49106,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1789,2683,9],"tags":[392,1058,794,562,2473,420,97,660,2918,321,131],"class_list":{"0":"post-49105","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"category-threats","9":"category-tips","10":"tag-botnet","11":"tag-ddos","12":"tag-iot","13":"tag-linux","14":"tag-mirai","15":"tag-ransomware","16":"tag-security-2","17":"tag-smart-home","18":"tag-supply-chain","19":"tag-technology","20":"tag-tips"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/linux-at-home-threats-and-protection\/49105\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/linux-at-home-threats-and-protection\/26290\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/linux-at-home-threats-and-protection\/21723\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/linux-at-home-threats-and-protection\/28965\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/linux-at-home-threats-and-protection\/26572\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/linux-at-home-threats-and-protection\/26728\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/linux-at-home-threats-and-protection\/29219\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/linux-at-home-threats-and-protection\/28072\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/linux-at-home-threats-and-protection\/36168\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/linux-at-home-threats-and-protection\/21052\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/linux-at-home-threats-and-protection-2\/21843\/"},{"hre
flang":"de","url":"https:\/\/www.kaspersky.de\/blog\/linux-at-home-threats-and-protection\/30544\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/linux-at-home-threats-and-protection\/34914\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/linux-at-home-threats-and-protection\/26845\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/linux-at-home-threats-and-protection\/32574\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/linux-at-home-threats-and-protection\/32227\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/linux\/","name":"Linux"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/49105","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2722"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=49105"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/49105\/revisions"}],"predecessor-version":[{"id":49108,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/49105\/revisions\/49108"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/49106"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=49105"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=49105"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=49105"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}