SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
More than 13 million malware events targeted Linux-based cloud environments in first half 2021
Tue, 31st Aug 2021

Trend Micro has released new research on the state of Linux security in the first half of 2021, giving valuable insight into how Linux operating systems are being targeted as organisations increase their digital footprint in the cloud.
According to Gartner, rising interest in cloud-native architectures prompts questions about the future need for server virtualisation in the data center. The most common driver is Linux-OS-based virtualisation, which is the basis for containers. As of 2017, 90% of public cloud workloads ran on Linux.

Trend Micro says Linux allows organisations to make the most of their cloud-based environments and power digital transformation strategies. Many of today's cutting-edge IoT devices and cloud-based applications and technology run on some flavour of Linux, making it a crucial area of modern technology to secure.

"In the industry, we see some very creative attacks, and we have to stay ahead," says Flowserve global head of cybersecurity, John Breen.

"Protecting the company, our employees, and our intellectual property is a priority. We'll continue to work closely and collaborate with Trend Micro to ensure our people and our company remain protected."

The report looks into the top malware families affecting Linux servers during the first half of 2021, with the principal types being:

  • Coin miners (25%): The high prevalence of cryptocurrency miners is of little surprise given the clear motive: the seemingly endless amount of computing power the cloud holds makes it the perfect environment.
  • Web shells (20%): The recent Microsoft Exchange attack, which leveraged web shells, showed the importance of patching against this type of malware.
  • Ransomware (12%): The most prevalent family detected was the modern ransomware family DoppelPaymer. However, some other notable ransomware families seen targeting Linux systems are RansomExx, DarkRadiation, and DarkSide.

"It's safe to say Linux is here to stay, and as organisations continue to move to Linux-based cloud workloads, malicious actors will follow," says Trend Micro vice president of cloud security, Aaron Ansari.

"We've seen it as a main priority to ensure our customers receive the best security across their workloads, no matter the operating system they choose to run it on."

The report revealed that most detections arose from systems running end-of-life versions of Linux distributions, including 44% from CentOS versions 7.4 to 7.9. It found 200 different vulnerabilities were targeted in Linux environments in just six months. This means attacks on Linux are likely taking advantage of outdated software with unpatched vulnerabilities.