AIX is an open standards-based UNIX operating system, known for its longevity and reliability in server environments across industries around the globe. With organizations relying on AIX for mission-critical workloads, cybersecurity consistently remains top of mind. According to Fortra’s Cybersecurity Trends and Predictions for 2022-2023 Report, malware attacks are projected to rise considerably. As more devices join the internet of things and operational technology (OT) continues to grow, malware will have exponentially more opportunity to break in and spread among networks.
Malware attacks are as widespread as ever, but server-level protection is often ignored or misunderstood. Read on to find out how malware affects AIX servers and how (and why) you should protect your organization from this pressing threat.
What Puts AIX Servers at Risk?
While organizations have become more proactive about cybersecurity, there is often a larger focus on applying antivirus software to their workstation PCs, with less attention paid to the server-side environment. There is also a misconception that scanning client PCs is enough to prevent viruses from ever reaching the server.
Mike Davison, a Senior Technical Consultant at Fortra, has experienced this first-hand. Mike has over 30 years of experience assisting customers with storage, disaster recovery, and security on AIX. He has found that:
“Organizations that haven’t implemented AIX antivirus believe AIX is low-risk and that it’s difficult to get UNIX-style viruses and malware on them, especially with Trusted Execution turned on. Many companies believe that AIX is not vulnerable, but like the IBM i, AIX can hide x86 viruses and malware in its filesystems that can come back to reinfect the Windows desktops. AIX can also harbour unwanted programs like remote access utilities and password crackers, specifically written for UNIX systems.”
PCI DSS Compliance and AIX Antivirus Requirements
For companies that are taking malware threats seriously, PCI DSS is often the driving force. Requirement number five states that organizations must use and regularly update antivirus software or programs. For organizations running AIX, this means using an antivirus solution like Powertech Antivirus to detect and quarantine malware specifically designed for UNIX operating systems such as password crackers and remote access utilities.
If your organization handles credit card transactions, you should consider adding server-level antivirus protection. Doing so will not only be crucial when it comes time for an audit; your organization and its customers’ information will also be more secure by following the PCI DSS guidelines and employing this best practice.
The AIX Threat Landscape
Many AIX servers remain either partially or completely unprotected, but malware and other destructive entities can just as easily target your AIX servers (whether on-premises or in the cloud). This is particularly problematic because many pieces of malware are designed specifically to attack large servers, which is where AIX typically runs. For example, the North Korean hacking group Lazarus injected malicious code into the servers of large financial institutions, allowing them to make fraudulent withdrawals from banks across more than 30 different countries.
Cryptojacking is another malicious activity that seeks to exploit large servers. It uses malware to take over a device and use its processing power to mine cryptocurrency. When it comes to cryptojacking malware, the more power, the better. Unfortunately, this makes AIX servers perfect targets. For example, the malware dubbed Nansh0u targets corporate networks specifically.
The AIX threat landscape continues to grow in diversity as well as complexity. However, the following are the most common examples of malware that can be found executing on the platform:
- Ebury (SSH backdoor): used to keep control of services and steal credentials. It has been out for 10 years.
- Cdorked (HTTP backdoor): runs in memory and uses a single modified HTTP binary. It is used to redirect web traffic.
- Calfbot: Perl script used to send spam.
- Onimiki: DNS redirection.
How Can You Protect AIX Servers?
These days, most organizations have more than just one OS running in their IT environments. Effective malware defense requires multiple layers, and a holistic view that prioritizes protecting all platforms is the best way to fend off viruses, worms, and other malware threats. It’s important to step outside the Windows box and provide AIX servers with protection designed specifically for AIX.
Native scanning capabilities are essential for AIX servers. Many organizations believe if they scan their client PCs then viruses won’t be able to make it to their servers. However, malware can get past PC-based protection, disable antivirus protection, and infect the server.
Native scanning ensures that this crucial endpoint has reliable defenses that scan every part of the server without overburdening the network. Additionally, native antivirus uses signature files and behavioral scanning designed to detect AIX-specific threats, while still defending against widespread malware that targets multiple operating systems.
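As an added example (not code from Fortra or from Powertech Antivirus), the following POSIX shell script shows the cross-platform risk that native scanning addresses: it classifies files in an AIX-hosted directory by their magic bytes and flags or quarantines Windows PE and ELF images, which AIX Trusted Execution never examines because AIX does not load them. The function names, labels, constructed sample share and quarantine location are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Fortra/Powertech code. Assumes POSIX sh with od(1),
# find(1) and mktemp(1). Trusted Execution only verifies binaries that AIX
# itself loads, so a PE or ELF file in a shared filesystem is data to AIX.

# First four bytes of a file as lowercase hex with no separators.
magic4() {
    od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n'
}

# Label a file by its executable magic (labels are this example's own).
classify_file() {
    case "$(magic4 "$1")" in
        4d5a*)       echo "windows-pe" ;;   # "MZ": DOS/Windows executable
        7f454c46)    echo "elf" ;;          # "\x7fELF": Linux and other UNIX
        01df*|01f7*) echo "aix-xcoff" ;;    # 32-/64-bit AIX XCOFF object
        *)           echo "other" ;;
    esac
}

# Print "<label> <path>" for every non-AIX executable image under a tree.
flag_foreign_binaries() {
    find "$1" -type f | while IFS= read -r f; do
        t=$(classify_file "$f")
        case "$t" in
            windows-pe|elf) printf '%s %s\n' "$t" "$f" ;;
        esac
    done
}

# Move flagged files out of the tree (quarantine dir must lie outside it)
# and drop their execute bits so nothing can serve or run them meanwhile.
quarantine_foreign() {
    mkdir -p "$2"
    flag_foreign_binaries "$1" | while read -r label path; do
        mv "$path" "$2/" && chmod a-x "$2/$(basename "$path")"
    done
}

# Constructed sample share: a PE stub, an ELF stub, an XCOFF stub and text.
make_sample_share() {
    d=$(mktemp -d)
    mkdir -p "$d/bin" "$d/pub"
    printf 'MZ\220\003'          > "$d/pub/setup.exe"   # 4d 5a 90 03
    printf '\177ELF\002\001\001' > "$d/pub/miner"       # 7f 45 4c 46 ...
    printf '\001\337\002\001'    > "$d/bin/app"         # 01 df: XCOFF32
    printf 'quarterly report\n'  > "$d/pub/README.txt"
    echo "$d"
}
```

Source the script and run `flag_foreign_binaries /path/to/export` to list foreign images, or `quarantine_foreign /path/to/export /var/quarantine` to move them aside.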
Powertech Antivirus for AIX protects your AIX systems by identifying, quarantining, and removing malicious programs before any harm is done. It offers the power and protection of industry-leading scan engines while supporting the specific features of your AIX operating system. With Powertech Antivirus in place, your AIX servers can remain the steady presence they have become known for.
Discover the Protection that Native Antivirus Offers Your AIX Servers
Try Powertech Antivirus free for 30 days. You’ll get unlimited virus scanning, access to our experts, and live, human support.