In the first half of 2021, coinminers, web shells, and ransomware comprised about 56 percent of malware attacking Linux systems.
In the first half of 2021, Trend Micro released a new study on the state of Linux security. The report details how Linux operating systems are being targeted as organizations expand their digital footprint in the cloud, as well as the pervasive threats that make up the Linux threat landscape.
In 2017, Linux was used in 90% of public cloud workloads. According to Gartner, “Rising interest in cloud-native architectures is prompting questions about the future need for server virtualization in the data center. The most common driver is Linux-OS-based virtualization, which is the basis for containers.”
Linux enables businesses to get the most out of their cloud-based environments and drive their digital transformation strategies. Linux runs in many of today’s most cutting-edge IoT devices, cloud-based applications, and technologies, making it a key area of modern technology to secure.
John Breen, Global Head of Cybersecurity at Flowserve, said, “In the industry, we see some very creative attacks and we have to stay ahead. Protecting the company, our employees, and our intellectual property is a priority.”
“We’ll continue to work closely and collaborate with Trend Micro to ensure our people and our company remain protected.”
The report looks into the top malware families that affected Linux systems in the first half of 2021, with the following malware types topping the list:
* 25 percent Coinminers: The high prevalence of cryptocurrency miners is unsurprising, given that the cloud’s supposedly limitless computing capacity makes it the perfect environment for mining.
* 20 percent Web shells: The recent Microsoft Exchange attack, which used web shells, demonstrated the need for patching against this sort of malware.
* 12 percent Ransomware: The modern ransomware family DoppelPaymer was the most widespread, although other prominent ransomware families were also seen targeting Linux computers, including RansomExx, DarkRadiation, and DarkSide.
Aaron Ansari, Vice President of Cloud Security for Trend Micro, said, “It’s safe to say that Linux is here to stay, and as organizations continue to move to Linux-based cloud workloads, malicious actors will follow.”
“We have seen this as a main priority to ensure our customers receive the best security across their workloads, no matter the operating system they choose to run it on.”
According to the report, the majority of detections came from computers running end-of-life Linux distributions, with CentOS versions 7.4 to 7.9 accounting for 44% of all detections. In just six months, 200 distinct vulnerabilities in Linux environments were targeted. This suggests that Linux-based attacks are most likely exploiting obsolete software with unpatched vulnerabilities.