Trend Micro has seen nearly 13 million malware attacks on Linux-based cloud environments. In the first half of 2021, coinminers, webshells and ransomware accounted for 56 percent of attacks on Linux operating systems.
Trend Micro, one of the world's leading providers of cybersecurity solutions, has published its report on the security status of Linux systems in the first half of 2021. The study provides detailed insight into how attackers are increasingly targeting Linux operating systems as a result of the ongoing cloud transformation. It also examines other common threats in the Linux environment.
Ninety percent of public cloud workloads use Linux
In 2017, 90 percent of public cloud workloads were running on Linux. According to Gartner, “the increasing interest in cloud-native architectures raises the question of the future virtualization needs of servers in data centers. A Linux OS-based virtualization is most often used, which forms the basis for containers.” (1) Linux supports companies in the use of cloud-based environments and in digital transformation. Many modern IoT devices, cloud applications and technologies run on a Linux variant, which must be protected as an important part of modern infrastructures.
Cloud: SSH is becoming a target
A look at Shodan, a search engine for the Internet of Things, shows a striking result for port 22, the port commonly used for the Secure Shell Protocol (SSH) on Linux-based machines: almost 19 million devices connected to the Internet have this port exposed and can become the target of an attack. With just under 1.7 million open ports, Germany is in second place worldwide, after the USA (just under 6.8 million).
The study analyzes the main malware families that have attacked Linux servers in the past six months. The Trend Micro researchers identify the following types of malware:
- 25 percent coin miners - The widespread use of cryptocurrency miners is no surprise given the large computing power of the cloud. The high performance of cloud environments makes them particularly attractive for mining.
- 20 percent webshells - The latest attack on Microsoft Exchange using webshells shows how important it is to install patches against this malware variant.
- 12 percent ransomware - DoppelPaymer represents the largest share of ransomware, followed by the ransomware families RansomExx, DarkRadiation and DarkSide, which also target Linux operating systems.
“Linux has established itself permanently as an operating system in companies. With the ongoing migration to Linux-based cloud workloads, however, cybercriminal actors will also increasingly attack them,” emphasizes Udo Schneider, IoT Security Evangelist Europe at Trend Micro. “That is why we see it as our main task to provide our customers with the best possible protection across their workloads - regardless of which operating system is used.”
Outdated Linux systems are weak points
As the study shows, most of the vulnerabilities originated in systems with outdated versions of Linux distributions, including 44 percent from CentOS versions 7.4 to 7.9. In addition, 200 different vulnerabilities in Linux environments were exploited in just six months. According to this, cyber criminals are very likely to exploit outdated software with unpatched security holes on Linux systems. The complete Linux Threat Report for the first half of 2021 "Linux Threats in the Cloud and Security Recommendations" can be accessed online.