Malware & Exploits

CISA Warns of New Malware Exploiting Known Kernel Vulnerabilities

November 10, 2022

In November 2021, CISA created the Known Exploited Vulnerabilities (KEV) Catalog, a list of vulnerabilities with evidence of active exploitation, each entry naming the vendor and product it affects. The catalog is updated continuously as new and emerging threats are confirmed.

Recently, a new malware family was discovered, and the two vulnerabilities it actively exploits to take control of newly infected systems are both now in that catalog.

The malware in question is called “Shikitega”, identified by AT&T Alien Labs in September 2022. It targets Linux systems, including IoT devices, and escalates to root by chaining two known local privilege escalation exploits: one against polkit’s pkexec and one against the kernel’s OverlayFS. So far it has been observed deploying cryptocurrency miners, but malware of this type is usually flexible enough to deliver a different payload to a different target (ransomware instead of a cryptominer, for example).

The two vulnerabilities are CVE-2021-4034 and CVE-2021-3493. As the identifiers indicate, both were assigned CVE IDs in 2021, and patches for both have been available for months. That systems vulnerable to them still exist speaks to how slow patching processes are in many organizations.

CVE-2021-4034, better known as PwnKit, made the rounds across many news sites: its exploit was both reliable and easy to trigger, and its target, polkit’s setuid pkexec binary, is installed by default on most major Linux distributions. It is a local privilege escalation in a userspace component rather than in the kernel itself, which matters when choosing how to remediate it. A more detailed description can be found in the TuxCare blog here.
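As an added example (not code from the original article, from TuxCare or from Alien Labs), the following Python script scans syslog-style auth log lines for the messages pkexec emits when the PwnKit technique hits its environment checks, and pulls out the user, working directory and command that pkexec recorded. The log lines, host name, PIDs and paths are constructed for the example; the two marker strings come from polkit’s pkexec.c.

```python
"""Triage syslog-style auth log lines for traces of PwnKit (CVE-2021-4034) abuse.

Added example for this article; it is not code from the original post, from
TuxCare, or from AT&T Alien Labs. It assumes lines in the classic
"Mon DD HH:MM:SS host pkexec[pid]: message" layout and relies on pkexec
logging through syslog(3) on the code path the PwnKit technique reaches.
The two marker strings are taken from polkit's pkexec.c. Qualys also
documented a way to exploit the bug without leaving these log lines, so an
empty result is not proof that a host was never attacked.
"""
import re
from typing import Dict, Iterable, List

# Messages pkexec writes (LOG_CRIT) when it sees a hostile environment;
# wording copied from pkexec.c. The second one continues with
# "contains suspicious content".
PWNKIT_MARKERS = (
    "The value for the SHELL variable was not found the /etc/shells file",
    "The value for environment variable [",
)

# Classic syslog line layout; only pkexec entries are of interest here.
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+pkexec\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)

# pkexec appends these bracketed fields to every message it logs.
FIELD_RE = re.compile(r"\[(USER|TTY|CWD|COMMAND)=([^\]]*)\]")


def find_pwnkit_traces(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one record per pkexec line that carries a PwnKit marker."""
    hits: List[Dict[str, str]] = []
    for raw in lines:
        m = LOG_RE.match(raw.rstrip("\n"))
        if m is None:
            continue  # not a pkexec line (sshd, cron, ...)
        msg = m.group("msg")
        if not any(msg.startswith(marker) for marker in PWNKIT_MARKERS):
            continue  # ordinary pkexec use, e.g. "deploy: Executing command ..."
        fields = {k.lower(): v for k, v in FIELD_RE.findall(msg)}
        hits.append({
            "ts": m.group("ts"),
            "host": m.group("host"),
            "pid": m.group("pid"),
            # the message with the trailing [USER=..] [TTY=..] ... fields removed
            "reason": FIELD_RE.sub("", msg).strip(),
            "user": fields.get("user", ""),
            "tty": fields.get("tty", ""),
            "cwd": fields.get("cwd", ""),
            "command": fields.get("command", ""),
        })
    return hits


# Constructed sample log: timestamps, host name, PIDs and paths are made up.
SAMPLE_AUTH_LOG = """\
Nov  8 10:14:02 web01 sshd[2211]: Accepted publickey for deploy from 10.0.0.5 port 51022 ssh2
Nov  8 10:14:07 web01 pkexec[2390]: deploy: Executing command [USER=root] [TTY=/dev/pts/0] [CWD=/home/deploy] [COMMAND=/usr/bin/systemctl restart nginx]
Nov  8 10:15:31 web01 pkexec[2417]: The value for the SHELL variable was not found the /etc/shells file [USER=root] [TTY=unknown] [CWD=/tmp] [COMMAND=]
Nov  8 10:15:33 web01 pkexec[2419]: The value for environment variable [XAUTHORITY] contains suspicious content [USER=root] [TTY=unknown] [CWD=/tmp] [COMMAND=]
Nov  8 10:16:00 web01 CRON[2440]: (root) CMD (run-parts /etc/cron.hourly)
"""


if __name__ == "__main__":
    for hit in find_pwnkit_traces(SAMPLE_AUTH_LOG.splitlines()):
        print(f"{hit['ts']} {hit['host']} pid={hit['pid']} user={hit['user']} "
              f"cwd={hit['cwd']} tty={hit['tty']}: {hit['reason']}")
```

A legitimate pkexec invocation (the "Executing command" line above) is deliberately not flagged; only the two environment-check messages are, and the empty COMMAND and unknown TTY on those lines are what a hit typically looks like. On hosts that only keep a journal, `journalctl _COMM=pkexec` prints a similar layout that the same regex handles.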

The other vulnerability, CVE-2021-3493, is a flaw in the OverlayFS implementation of Ubuntu kernels: file capabilities set by an unprivileged user inside a user namespace were not properly validated and were honoured outside it, which is enough to reach root. Shikitega uses it alongside PwnKit to obtain elevated privileges on the target systems.

By adding these vulnerabilities to the Known Exploited Vulnerabilities Catalog, CISA has, under Binding Operational Directive 22-01, set a firm deadline by which federal civilian agencies must remediate them on the systems they manage.

If you are still running systems not patched against these and many other Linux vulnerabilities, you should reconsider your patch management operations. For the kernel side, a disruption-free alternative to reboot-based patching is KernelCare’s live patching service, which applies kernel fixes quickly and without downtime. Note that PwnKit lives in the userspace polkit package, so it has to be closed by updating polkit (or, as an interim mitigation, by removing the setuid bit from pkexec) rather than by a kernel patch. Together, these measures provide the protection needed against Shikitega and other threats that exploit these flaws.

Publisher: TuxCare
