Admit it: the first thing you think of when ransomware is mentioned is likely Microsoft Windows as an attack surface. The second might be that ransomware is in decline and no longer a significant threat. The thought that Linux could be caught somewhere in all this probably doesn’t enter your head, but it should. The Cybersecurity and Infrastructure Security Agency has issued a timely reminder that Linux can be exploited, as it warns federal agencies to update within days, following confirmation of a Linux vulnerability being used in active ransomware attacks. Here’s what you need to know.
Linux Kernel Vulnerability Exploited By Ransomware Attackers
The CVE-2024-1086 Linux Kernel use-after-free vulnerability “allows a normal user to become an administrator (root), allowing them to change files, disable security, or install malware,” Immersive Security said, adding that “the flaw occurs when the system mishandles memory, allowing attackers to gain complete system control. But that was, checks date, almost two years ago. Indeed, the thing was fixed in January 2024. So, what’s the fuss all of a sudden? Self-described America’s Security Agency, CISA, has issued a binding directive and warning that ransomware threat actors are actively exploiting CVE-2024-1086, giving federal agencies until November 20 to apply the necessary fix or “discontinue use of the product.”
But this isn’t a warning just for those federal agencies, it’s one that all businesses need to take note of. The cost of not doing so could be high as ransomware groups look to exploit this old vulnerability in “certain older versions of the Linux operating system,” as Immersive put it. You can see a complete list of impacted versions here, as published by the US Department of Commerce National Institute of Standards and Technology.
This isn’t theoretical; this is real life. If you are using any of these Linux platform versions, then you need to update as soon as possible. Ransomware actors can use CVE-2024-1086, alongside standard phishing techniques, to cause significant harm to businesses if not. Proof-of-concept code is not difficult to find on the dark web and assorted criminal marketplaces. So, what are you waiting for?