Chinese Cybercriminals are Targeting Vulnerable Linux Servers in America

BlackBerry reported that Advanced Persistent Threat (APT) groups have been infiltrating Linux servers for at least 8 years using malware.

In a post titled “Decade of the RATs: Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android,” security researchers discovered that these groups have been attacking companies across the globe. All sorts of industries have been targeted by these cybercriminal entities, which have diverse goals ranging from simple cybercrime to corporate espionage.

The RATs report highlighted how five APT groups are collaborating with the Chinese government. The cybercriminals were using remote access trojans (RATs) to gain access to Linux servers.

These groups have specifically singled out Red Hat Enterprise Linux, CentOS, and Ubuntu servers for economic espionage and intellectual property theft.

The BlackBerry researchers believe that all five groups are working in tandem, due to the similarities in their preferred ways of conducting these attacks.

Eric Cornelius, chief product officer at BlackBerry, hopes that the report will motivate security teams to take Linux cybersecurity threats more seriously, rather than dismissing them as they have in the past.

“Most enterprises today are not focused on Linux as deeply as they should be,” he stated. “Linux malware is a thing and it’s been going on a long time.”

TechRepublic covered the full extent of how vulnerable many organizations are to Chinese cybercrime:

The RAT report illustrates the risk of these infections by listing all the organizations that use Linux: The stock exchanges in New York, London and Tokyo; nearly all the big tech and e-commerce giants are dependent on it, including Google, Yahoo, and Amazon, most U.S. government agencies and the Department of Defense; virtually all of the top one-million websites; 75% of all web servers; 98% of the world’s most advanced supercomputers; and more than 75% of all cloud servers.

Cornelius believes that building on open source software is a good strategy for cybercriminals: they can reuse other people's previous work, and it gives them more plausible deniability.

“When people find it, they’ll have a difficult time finding any attribution beyond open source framework,” he stated. “When you custom develop software from the ground up, you put a lot of yourself into it which allows for meaningful attribution.”

Cornelius claimed that there are several obstacles to establishing Linux defenses in the market.

“Because security teams are underfunded and understaffed, they are probably not going to develop bespoke solutions for Linux,” he stated.

U.S. policymakers will have to come to grips with the fact that China is the #1 security threat to America.

Instead of dropping trillions in never-ending wars in the Middle East, the U.S. should be investing more in its cybersecurity infrastructure.