The Linux operating system is famous for its flexibility and open-source nature. It also powers many cloud infrastructures. However, as Linux's popularity has grown, so has its threat landscape. Like other operating systems, Linux systems are not immune to cyberattacks. Trend Micro's latest analysis, “Linux Threat Report 2021,” revealed that over 13 million malware attacks targeted Linux-based cloud environments in the first half of 2021.
Linux Threat Landscape
Today, most IoT devices and cloud-based applications run on Linux platforms, making them a primary target for threat actors. According to the report, the top five malware threats affecting Linux servers are coinminers (25%), web shells (20%), ransomware (12%), Trojans (10%), and others (3%). More than 65% of the malware variants were found in systems running end-of-life versions of the Linux platform with unpatched vulnerabilities.
The top four Linux distributions where the top threat types were found are CentOS Linux (51%), CloudLinux Server (31%), Ubuntu Server (10%), and Red Hat Enterprise Linux (3%). Most of the malware detections came from the U.S. (40%), followed by Thailand (19%) and Singapore (14%).
Other Key Findings
- Over 100,000 unique Linux hosts reported security events, showcasing a concerning amount of criminal activity targeting Linux hosts.
- In 2020, approximately 20,000 vulnerabilities were reported. However, only 200 (1%) have publicly known exploits. This gives security teams a clear indication of which vulnerabilities should be the patching priority.
- Detections came from systems running end-of-life versions of Linux. These unsupported systems no longer receive critical security patches, making them significantly more vulnerable to future exploits and attacks.
- In July 2021, almost 14 million exposed Linux servers were detected by Censys.io, and Shodan caught nearly 19 million Linux servers with port 22 exposed, leaving plenty of openings for attackers to target.
“It’s safe to say that Linux is here to stay, and as organizations continue to move to Linux-based cloud workloads, malicious actors will follow. We have seen this as a main priority to ensure our customers receive the best security across their workloads, no matter the operating system they choose to run it on,” said Aaron Ansari, vice president of cloud security for Trend Micro.