Cryptojacking attacks have been increasingly prevalent in 2018, even finding their way into the Ubuntu Linux software center. Mark Shuttleworth, the founder of Canonical and Ubuntu Linux, isn’t too worried, though, as he has multiple technologies in place to mitigate risk.
In a video interview with eWEEK, Shuttleworth provides insight into the technologies that Ubuntu uses to help secure applications and users from multiple risks, including cryptojacking. In a recent cryptojacking attack in Ubuntu, applications were found to be conducting unauthorized cryptocurrency mining on user desktops. The issue was quickly resolved, serving as a proof point for the resilience of Ubuntu’s Snap application packaging system for helping to keep systems updated.
“In the architecture of Snaps themselves we put a lot of work into being able to shape the container and define what the container is allowed to do,” Shuttleworth said. “Any application that comes into the Snap Store has to be very explicit about all the things it wants to do.”
The Snap Store provides Ubuntu users with an application repository that has been packaged in the Snap format. Ubuntu has been building out the Snap format since at least 2014 as a way to package and secure applications. In the recent Ubuntu 18.04 update, Snaps became a core element of operating system as well.
Shuttleworth said the Snap platform enables Ubuntu to revert software, wherever it is. Another core attribute of Snaps is that there is cryptographic provenance for software and, as such, Shuttleworth said Canonical knew exactly where the cryptojacking software came from.
“Because the app was a Snap, we were able to act immediately and solve the problem very quickly,” he said.
Shuttleworth said Canonical now also has an upload scanning process, so that every app that is submitted to Ubuntu is analyzed for potential malware before the software is made available to end users.
Kernel Live Patching
For other types of security issues, like the recent Meltdown and Spectre CPU security vulnerabilities, Ubuntu users can benefit from kernel live patching capabilities that were further enhanced in the Ubuntu 18.04 update. With live patching, a running system can be patched without the need to reboot, which is important for production deployments as well as the cloud.
“There was one round of the Meltdown and Spectre vulnerabilities that was so deep and invasive that we couldn’t live patch it, but most small security issues in the Linux kernel can be addressed with Kernel Live Patching,” Shuttleworth said.
Overall, Shuttleworth emphasized that Canonical will continue to balance the needs of an open ecosystem in Linux with the requirements of providing secure and stable software infrastructure for end users and enterprises.
“Security has become a top priority for me and for Canonical. It’s one of the top drivers of engagement for us,” he said.
Watch the full video with Mark Shuttleworth above.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.