News for Admins

Tech News

Ransomware Reaches Linux

The security firm Dr. Web warns of a new strain of ransomware that is targeting Linux server systems. The malware, known as Linux.Encoder.1, is currently preying on web servers. Recent versions gain entry through a flaw in the Magento CMS, but the attack could be adapted to other vectors.

Linux has largely been free of the ransomware craze, in which the attacker encrypts the victim's data and demands a ransom to restore the files. With all the Linux servers on the web, however, experts consider it a matter of time before intruders find ways to exploit Linux users. According to a report in The Register, this attack encrypts the public_html, www, webapp, backup, .git, and .svn directories and asks for a payment of 1 Bitcoin to release the data.

The advice is the same as always: Back up your data, and install security updates to minimize the possibility of intrusion.

© Jens Hilberger, 123RF.com

ProtonMail Endures Massive DDoS Attack

Swiss secure email provider ProtonMail went offline when a pair of massive denial-of-service attacks took down the service for several days. The attacks began on the night of November 2, and service was finally restored on the morning of November 8 after the company had rebuilt large parts of its internal infrastructure.

Experts piecing together the evidence say the attack came from two different sources. The first phase was a criminal ransom attack, demanding payment of 15 BTC (about $5500). ProtonMail ignored the demand at first but later paid under pressure from other businesses experiencing collateral damage. Soon after the payment, another attack started, which the security team assumed was the ransomers gunning for more. After three days, however, the second attack clearly showed the marks of a much more sophisticated enemy. According to the ProtonMail blog post, the second attack "caused the vast majority of the damage, including the downing of the data center and crippling of upstream ISPs, exhibiting capabilities more commonly possessed by state-sponsored actors."

The second attackers never made any demands but simply seemed to want to take ProtonMail offline. A group called the Armada Collective later claimed responsibility for the first attack and denied responsibility for the second onslaught.

ProtonMail calls itself the "world's largest free private email service," and its customers include journalists and activists in several authoritarian countries who use the service to avoid the watchful eyes of governments. Many experts believe a state-sponsored entity wished to intimidate, or possibly bankrupt, ProtonMail by launching the second attack, using the first attack as an opportunity to launch its assault under a cloud of confusion. Luckily, community power stepped into the gap. ProtonMail raised more than $57,000 in just a few days through the ProtonMail Defense Fund to rebuild its infrastructure and retool its systems to resist further attacks.

© nasirkhan, 123RF.com

Ubuntu 15.10 "Wily Werewolf" Appears

Canonical developer Adam Conrad has announced the release of Ubuntu 15.10 "Wily Werewolf." The latest release is the first to include a Linux 4.2-based kernel and the gcc-5 compiler collection. According to the announcement, the Ubuntu desktop edition includes "incremental improvements," such as newer versions of GTK and Qt, Firefox, LibreOffice, and the Unity desktop.

The server edition places the emphasis on OpenStack, with support for the latest OpenStack Liberty release and a full complement of OpenStack modules. Other improvements include new powers for the Juju orchestration tool, Open vSwitch 2.4.0, and the Ceph 0.94.3 "Hammer" distributed storage system.

Ubuntu provides separate editions for various IT use cases, including Desktop and Server, as well as a Cloud edition and the Snappy Core version for embedded single-board systems and devices. The Ubuntu team also supports an entourage of related projects built around different desktops and toolsets. Appearing along with the main Unity-based Ubuntu release were new versions of Kubuntu, Lubuntu, Ubuntu GNOME, Kylin (for Chinese-language users), MATE, Ubuntu Studio, and Xubuntu. See the Ubuntu 15.10 release notes for more on the latest version.

Ubuntu 15.10 is a standard release, with 9 months of free security updates for desktop and server users. The first release of 2016, Ubuntu 16.04 "Xenial Xerus," will be another Long Term Support (LTS) release, with 5 years of bug fixes and security updates for both the server and desktop editions.

© Natalia Lukiyanova, 123RF.com

Time Protocol Threat Could Allow Login with Expired Passwords

Cisco's Talos threat intelligence service has uncovered a flaw in the Network Time Protocol (NTP) authentication process that lets an attacker force the NTP daemon into pairing with a malicious time source. According to Talos, this attack "… leverages a logic error in ntpd's handling of certain crypto-NAK packets. When a vulnerable ntpd receives an NTP symmetric active crypto-NAK packet, it will peer with the sender, bypassing authentication typically required to establish a peer association."

Although a time protocol does not provide direct access to financial or medical information, an attacker can do considerable damage if allowed to manipulate network time. Some network services will fail if the system time is out of sync, and control over time parameters could allow access through expired passwords or certificates. Attackers could also cover their tracks or manipulate banking transactions by surreptitiously altering timestamps.

Users are advised to upgrade to ntp-4.2.8p4, which fixes this vulnerability. If an upgrade isn't possible at this time, the Talos report offers some tips on firewall rules that could help mitigate the problem.
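The packet shape Talos describes, a symmetric active packet that carries a crypto-NAK instead of a real MAC, can be recognized directly from the NTP wire format, which is useful both for reviewing captures and for deciding whether a host still needs the fix. The following Python is an added example written for this page, not code from Talos or the NTP project. It decodes constructed sample packets and flags that shape, and it compares an ntpd version banner against the 4.2.8p4 release named above. The sample packets and banners are constructed; the packet layout (48-byte header, optional 32-bit key identifier plus MAC, crypto-NAK as a lone zero key field) is taken from RFC 5905.

```python
"""Two defensive checks for the ntpd crypto-NAK issue described above.

Added example, not code from Talos or the NTP project:
  1. parse raw NTP packets (RFC 5905 layout) and flag a symmetric-active
     packet that carries a crypto-NAK instead of a MAC, which is the
     packet shape the advisory describes;
  2. compare an ntpd version banner against the fixed release 4.2.8p4.
All sample packets and version banners below are constructed.
"""
import re

NTP_HEADER_LEN = 48           # fixed header length, RFC 5905 section 7.3
MODE_SYMMETRIC_ACTIVE = 1     # association mode lives in the low 3 bits
MODE_CLIENT = 3
FIXED_VERSION = (4, 2, 8, 4)  # ntp-4.2.8p4, the release named in the article


def parse_ntp_packet(data: bytes) -> dict:
    """Decode the first header byte and classify the optional authenticator."""
    if len(data) < NTP_HEADER_LEN:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    first = data[0]
    trailer = data[NTP_HEADER_LEN:]
    # RFC 5905: an authenticated packet ends in a 32-bit key identifier
    # followed by a MAC; a crypto-NAK is the 32-bit key field alone, set to
    # zero, with no MAC at all.
    crypto_nak = len(trailer) == 4 and trailer == b"\x00\x00\x00\x00"
    return {
        "leap": first >> 6,
        "version": (first >> 3) & 0x7,
        "mode": first & 0x7,
        "stratum": data[1],
        "crypto_nak": crypto_nak,
        "authenticated": len(trailer) > 4,
    }


def is_symmetric_active_crypto_nak(pkt: dict) -> bool:
    """True for the shape the advisory describes: mode 1 plus a crypto-NAK
    in place of a MAC. On a host that expects only authenticated peers, an
    unsolicited packet like this is worth alerting on."""
    return pkt["mode"] == MODE_SYMMETRIC_ACTIVE and pkt["crypto_nak"]


def _header(mode: int, version: int = 4) -> bytes:
    """Minimal 48-byte header with all other fields zero (constructed)."""
    return bytes([(version << 3) | mode]) + b"\x00" * (NTP_HEADER_LEN - 1)


# Constructed sample packets: a crypto-NAK in symmetric active mode, a plain
# client request, and a properly authenticated symmetric active packet
# (key ID 1 followed by a 16-byte MAC of filler bytes).
SAMPLE_CRYPTO_NAK = _header(MODE_SYMMETRIC_ACTIVE) + b"\x00\x00\x00\x00"
SAMPLE_CLIENT = _header(MODE_CLIENT)
SAMPLE_AUTH_ACTIVE = (_header(MODE_SYMMETRIC_ACTIVE)
                      + b"\x00\x00\x00\x01" + b"\xab" * 16)


def parse_ntpd_version(banner: str) -> tuple:
    """Extract (major, minor, patch, p-level) from a banner such as
    'ntpd 4.2.8p3@...'; a release without a p-suffix counts as p0."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", banner)
    if not m:
        raise ValueError("no version found in banner: %r" % banner)
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def needs_upgrade(banner: str) -> bool:
    """True when the running ntpd predates the 4.2.8p4 fix."""
    return parse_ntpd_version(banner) < FIXED_VERSION


if __name__ == "__main__":
    samples = [("crypto-NAK", SAMPLE_CRYPTO_NAK),
               ("client", SAMPLE_CLIENT),
               ("authenticated", SAMPLE_AUTH_ACTIVE)]
    for name, raw in samples:
        info = parse_ntp_packet(raw)
        print(name, "mode", info["mode"],
              "flag", is_symmetric_active_crypto_nak(info))
    # Constructed banner in the shape of `ntpd --version` output.
    print("needs upgrade:", needs_upgrade("ntpd 4.2.8p3@1.3265-o"))
```

The packet check deliberately keys on the combination of mode and authenticator rather than on the zero key field alone, since a crypto-NAK is a legitimate reply in other exchanges; only the unsolicited symmetric active variant matches what the advisory describes. The version comparison treats a missing p-suffix as p0 so that a bare "4.2.8" is correctly reported as older than 4.2.8p4.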

Frank Peters, 123RF.com

Dell Pays $67 Billion for EMC

Dell has announced that it is buying the storage and enterprise technology giant EMC. The $67 billion deal is considered the largest tech purchase in history. According to the announcement, "The combination of Dell and EMC will create the world's largest privately controlled, integrated technology company…. The transaction combines two of the world's greatest technology franchises with leadership positions in servers, storage, virtualization and PCs, and it brings together strong capabilities in the fastest growing areas of the industry, including digital transformation, software-defined data center, hybrid cloud, converged infrastructure, mobile, and security."

Dell got its start selling home and small office PCs, but hardware vendors have known for years that the real money is in corporate contracts with enterprise clients. The company has succeeded in bringing itself into the enterprise space but trails some of its competitors in recent technologies such as virtualization, private cloud, and Big Data-style storage solutions. This deal should keep Dell in the conversation with competitors such as Microsoft, Oracle, IBM, and HP.

Some experts, however, are baffled by the announcement and warn of risks associated with combining two such large and disconnected companies. The biggest prize in the EMC portfolio is the popular VMware virtualization solution and its surrounding technologies. VMware will fit well into the pitch Dell needs to make with large enterprise clients.

© lawren, 123RF.com