Linux This Month: DarkRadiation Ransomware, Debian 10.10 & Rocky Linux 8.4

01 July 2021

In this episode, we're going to cover Rocky Linux 8.4's general availability, the newly released DarkRadiation ransomware, Debian 10.10's arrival, the push to bring Rust to Linux kernel development, and we're saying goodbye to Groovy Gorilla. Let's take a look.

Rocky Linux 8.4 Arrives

Another viable alternative to CentOS has reached general availability with the Rocky Enterprise Software Foundation's first GA release - Rocky Linux 8.4. Rocky Linux 8.4 is based on Red Hat Enterprise Linux 8.4, right down to the bugs.

Rocky Linux 8.4, AKA Green Obsidian, has reached general availability, bringing more choice to users looking for a CentOS replacement. Gregory Kurtzer, co-creator of CentOS, announced the Rocky project back in December 2020, shortly after Red Hat announced their decision to move the CentOS project upstream of Red Hat Enterprise Linux, leaving many large CentOS users without a long-term future for their install base. In addition, support for CentOS 8 is slated to end in 2021, adding to the sense of urgency for current users.

Like CentOS before it, Rocky Linux is based on the Red Hat Enterprise Linux codebase, currently version 8.4, right down to the bugs. This ensures compatibility with corresponding RHEL releases, the same property that made CentOS a perfect fit for many users for so many years.

The Rocky Enterprise Software Foundation was also created to keep Rocky Linux independent and to build a community charter that will enable and protect users and the larger community.

AlmaLinux

AlmaLinux, another RHEL-based distribution that aims to fill the void left by CentOS moving upstream, is currently the other major alternative for users looking to migrate away from CentOS. AlmaLinux parent company CloudLinux was able to leverage their experience producing a security-hardened RHEL clone to get their CentOS replacement to market in short order.

Ubuntu 20.10 Groovy Gorilla

If you're running Ubuntu 20.10, listen up. 20.10, or Groovy Gorilla, was released back in October 2020, and support is about to end with 20.10 reaching end-of-life on July 22nd, 2021. Those who are on 20.10 have been advised to update to 21.04, which is an actively supported release. Ubuntu 20.10 was the first Ubuntu release to support Raspberry Pi 4 and included kernel 5.8, nftables, GNOME 3.38, and more. We may be saying farewell to 20.10, but we'll keep a special place in our heart right next to Slackware Linux.

Debian 10

The 10th update of the 10th stable distribution of Debian, AKA Buster, has arrived. This update brings 136 updated packages, 55 of which are security updates. Bug fixes include new versions of clamav, MariaDB, the NVIDIA graphics drivers, and the Linux kernel. Security fixes include nginx, bind9, tomcat9, and squid. Existing users can get the point-ten goodness using the apt installer, while those who are starting from scratch can download a fresh copy from the Debian mirrors. Get it while it's hot.

Rust in Linux

With the backing of Google and the Internet Security Research Group, as well as the blessing of Linus Torvalds, the call to bring Rust to the table for Linux kernel development is starting to look like a reality. It is believed that kernel development in Rust will help reduce the number of bugs, increasing the security and stability of Linux.

While the Linux kernel has historically been written in C, Google and the Internet Security Research Group, the folks who brought us Let's Encrypt, have joined a chorus of voices calling to bring Rust to Linux kernel development.

Historically, C has been used for Linux kernel development and, with the quality of Linux kernel code and standards review, it's been relatively safe. Still, kernel code is not immune to memory safety bugs. Rust offers most of what developers rely on with C, and it is believed that using Rust will reduce the number of bugs in the kernel, increasing the security and stability of Linux.

Rust does this by distinguishing between safe and unsafe Rust: programmers operate in safe Rust by default and, when they need to perform an unsafe operation, they declare this to the compiler. This results in safer code on the whole.

Proponents of Rust adoption aren't calling for a top-down rewrite, but to allow new code to be written using Rust so that future memory safety bugs will trend downward as more new code is introduced. A great example of this would be device driver development. As kernel development progresses, more of the kernel could be moved to Rust, enhancing memory safety.

Due to the widespread adoption of Linux, anything that can be done to enhance kernel security is a big deal. Hence the heavyweight backing. Even the man himself, Linus Torvalds, is onboard with inviting Rust to the party. Here's to a very Rusty kernel in the future.

DarkRadiation ransomware

Researchers have recently discovered a new ransomware variant, DarkRadiation, that appears to be under development. DarkRadiation, which is implemented in Bash, avoids many common malware detection methods. It targets mainly Red Hat and Debian-based distributions, going after Docker containers running on these hosts as well. We'll also take a deeper look at DarkRadiation in our top stories.

A new ransomware variant, DarkRadiation, which avoids many common detection methods, has grabbed the attention of malware researchers. Favoring Red Hat and Debian-based distributions, DarkRadiation also targets Docker containers running on these hosts, which should give enterprises a moment of pause.

DarkRadiation, which is implemented in Bash, not only uses OpenSSL to encrypt files, but leverages the Telegram messaging service for command and control communications. The malware hides itself in places that most administrators aren't keeping a close eye on, like directories for 'man' pages. In addition, there are mechanisms for obfuscating the Bash scripts by breaking them up into chunks so they can be reassembled later to be executed.

So far there haven't been any reports of real-world attacks using DarkRadiation, with the consensus of researchers being that the malware is still under development. But those operating Linux systems should be vigilant as the potential for damage is there, with researchers still unfolding the puzzle of DarkRadiation. Check your systems and be safe out there. 
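One way to check the man-page hiding spot described above, as an added example that is not from the article or from the researchers' reports. The two heuristics, the function names and the sample tree are assumptions constructed for illustration, not published DarkRadiation indicators.

```shell
#!/bin/sh
# Added example (not from the article): find script-like files under man-page
# directories. Both heuristics are assumptions of this example, not published
# DarkRadiation indicators:
#   executable - any execute bit is set (man pages are data files)
#   shebang    - content starts with "#!" even without an execute bit

scan_man_dirs() {
    # Usage: scan_man_dirs DIR...   prints "REASON<TAB>PATH" per finding.
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # Pass 1: execute bit set for owner, group or other.
        find "$dir" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
            -exec printf 'executable\t%s\n' {} \;
        # Pass 2: first two bytes are "#!" (gzip-compressed pages never match).
        find "$dir" -type f -exec sh -c '
            for f in "$@"; do
                magic=$(head -c 2 "$f" 2>/dev/null | tr -d "\000")
                if [ "$magic" = "#!" ]; then printf "shebang\t%s\n" "$f"; fi
            done' sh {} +
    done
}

make_sample_tree() {
    # Constructed sample input: one real-looking man page, two planted files.
    root=$(mktemp -d) || return 1
    mkdir -p "$root/man1" "$root/man8"
    printf '.TH LS 1\n.SH NAME\nls \\- list directory contents\n' > "$root/man1/ls.1"
    printf '#!/bin/bash\necho constructed sample\n' > "$root/man8/update.8"
    printf 'chunk of text\n' > "$root/man1/helper"
    chmod 644 "$root/man1/ls.1" "$root/man8/update.8"
    chmod 755 "$root/man1/helper"
    printf '%s\n' "$root"
}

# Real use: scan_man_dirs /usr/share/man /usr/local/share/man
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree) && scan_man_dirs "$tree"
    rm -rf "$tree"
fi
```

A finding is a prompt for review, not proof of compromise; a package manager's file verification can confirm whether a flagged path belongs to an installed package.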

Alex