Defenders Be Prepared: Cyberattacks Surge Against Linux Amid Cloud Migration

Published: 23/11/2024   Category: security




Ransomware in particular poses a major threat, but security vendors say there has been an increase in Linux-targeted cryptojacking, malware, and vulnerability exploits as well, and defenders need to be ready.



Linux may not quite stack up to Windows when it comes to the raw number of attacks against systems running the operating system, but threat actor interest in Linux-based servers and technologies has ramped up significantly recently.
That is likely a response to growing enterprise use of Linux infrastructure, especially in the cloud, to host mission-critical applications and data, according to a report Trend Micro released this week. The firm identified a 75% increase in ransomware attacks targeting Linux systems in the first half of 2022 compared with the same period of 2021: its researchers spotted 1,961 Linux-based ransomware attack attempts against its customers in the first six months of 2022, versus 1,121 in the first half of 2021.
The increase is consistent with Trend Micro's earlier observations of threat actors broadening their efforts to target Linux platforms and VMware ESXi servers, which many organizations use to manage virtual machines and containers. The vendor has described the trend as spearheaded by the operators of the REvil and DarkSide ransomware families, and as gaining momentum with the release of a LockBit ransomware variant for Linux and VMware ESXi systems in October 2021.
Earlier this year, Trend Micro researchers observed another variant, Cheerscrypt, surfacing in the wild that also targets ESXi servers, and several other security vendors have reported ransomware such as Luna and Black Basta that can encrypt data on Linux systems.
Ransomware is currently the biggest, but not the only, threat targeting Linux systems. A report VMware released earlier this year also noted an increase in cryptojacking and in the use of remote-access Trojans (RATs) designed to attack Linux environments.
The company, for instance, found threat actors deploying XMRig, an open-source Monero miner, on compromised Linux machines to steal CPU cycles for mining Monero and other cryptocurrencies.
"Cryptomining malware on Linux saw an increase in the first half, likely from the fact that cloud-based crypto-mining has seen growth by malicious actors perpetrating this threat," notes Jon Clay, vice president of threat intelligence with Trend Micro.
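As an added illustration of what detection for the cryptojacking described above can look like (example code written for this page, not code from Trend Micro or VMware), the script below flags processes in a process snapshot that carry miner indicators: a known miner name, a stratum pool URL, XMRig-style options, a mining-pool port, or a binary launched from a world-writable temp directory, with sustained high CPU counted only as corroboration. The indicator lists, the CPU threshold and the `Proc` record are assumptions; the snapshot is constructed, and `snapshot_from_proc` shows how to fill it from a live Linux host.

```python
"""Heuristic cryptominer detection over a Linux process snapshot.

Added example for this article; it is not code from Trend Micro or VMware.
The Proc record shape, the indicator lists and the CPU threshold are
assumptions, and the sample snapshot below is constructed.
"""
import os
import re
from dataclasses import dataclass

# Assumed heuristics, not an authoritative IOC list.
MINER_NAMES = {"xmrig", "minerd", "cpuminer", "xmr-stak", "kdevtmpfsi", "kinsing"}
STRATUM_RE = re.compile(r"stratum\+(?:tcp|ssl)://\S+", re.IGNORECASE)
XMRIG_OPTS_RE = re.compile(
    r"(?:^|\s)(?:--donate-level|--algo\b|-a\s+\S*(?:cryptonight|rx/0)|--coin\s+monero)"
)
POOL_PORTS = {3333, 4444, 5555, 7777, 14444}      # common stratum pool ports
TEMP_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")    # world-writable launch locations
CPU_THRESHOLD = 80.0                               # percent of one core, sustained


@dataclass(frozen=True)
class Proc:
    pid: int
    comm: str           # short name, as in /proc/<pid>/comm
    cmdline: str        # argv joined with spaces
    cpu_percent: float  # sustained CPU use, measured by the caller


def miner_indicators(p: Proc) -> list:
    """Return the indicators that fire for one process (empty list if none)."""
    hits = []
    if p.comm.lower() in MINER_NAMES:
        hits.append(f"known miner name '{p.comm}'")
    m = STRATUM_RE.search(p.cmdline)
    if m:
        hits.append(f"stratum pool URL {m.group(0)}")
    if XMRIG_OPTS_RE.search(p.cmdline):
        hits.append("XMRig-style command-line option")
    for port in sorted(set(re.findall(r":(\d{4,5})(?:\s|$)", p.cmdline))):
        if int(port) in POOL_PORTS:
            hits.append(f"mining pool port {port}")
    if p.cmdline.startswith(TEMP_DIRS):
        hits.append("binary launched from a world-writable temp directory")
    # High CPU alone is a compiler or a batch job; count it only as corroboration.
    if hits and p.cpu_percent >= CPU_THRESHOLD:
        hits.append(f"sustained CPU {p.cpu_percent:.0f}%")
    return hits


def scan(procs) -> dict:
    """Map pid -> indicators for every process with at least one hit."""
    result = {}
    for p in procs:
        hits = miner_indicators(p)
        if hits:
            result[p.pid] = hits
    return result


def snapshot_from_proc(cpu_by_pid=None) -> list:
    """Live snapshot on Linux. CPU figures must come from the caller (for example
    parsed from `top -b -n 1`), since one /proc read cannot measure sustained use."""
    cpu_by_pid = cpu_by_pid or {}
    procs = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            with open(f"/proc/{entry}/comm") as f:
                comm = f.read().strip()
            with open(f"/proc/{entry}/cmdline", "rb") as f:
                cmdline = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:
            continue  # process exited between listdir and open
        pid = int(entry)
        procs.append(Proc(pid, comm, cmdline, cpu_by_pid.get(pid, 0.0)))
    return procs


# Constructed snapshot: one renamed miner, one unrenamed miner, two benign processes.
SAMPLE_SNAPSHOT = [
    Proc(880, "nginx", "nginx: worker process", 2.0),
    Proc(2201, "cc1", "/usr/lib/gcc/x86_64-linux-gnu/12/cc1 -quiet -O2 main.c", 99.0),
    Proc(3307, "xmrig", "./xmrig -o pool.example.invalid:14444 -u wallet", 60.0),
    Proc(4120, "kworkerds",
         "/dev/shm/.x/kworkerds -o stratum+tcp://pool.example.invalid:3333 -u wallet -p x --donate-level 1",
         97.0),
]

if __name__ == "__main__":
    for pid, hits in scan(SAMPLE_SNAPSHOT).items():
        print(pid, "->", "; ".join(hits))
```

The compiler process at 99% CPU is deliberately not flagged: CPU use is only reported when another indicator is already present, which keeps the check quiet on build hosts while still catching a miner that has been renamed to look like a kernel thread.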
VMware's report also observed expanded use of tools such as Cobalt Strike against Linux systems and the emergence of Vermilion Strike, a Linux implementation of the Cobalt Strike Beacon.
Like Trend Micro, VMware also noted an increase in the volume and sophistication of ransomware attacks on Linux infrastructure, especially host images for workloads in virtual environments. The company described many of the ransomware attacks against Linux systems as targeted rather than opportunistic, and as combining data exfiltration with other extortion schemes.
Windows continues to be — by far — the most heavily targeted operating system, simply because of the size of its installed base. Clay says of the 63 billion threats that Trend Micro blocked for customers in the first half of 2022, only a very small percentage were Linux-based. Though there were millions of Linux threat detections in 1H, 2022, there were billions of attacks on Windows systems over the same period, he says.
But the growing attacks on Linux systems are troubling because of how Linux is starting to be utilized within critical areas of the business computing infrastructure. VMware pointed out in its report that Linux is the most common operating system across multicloud environments, and 78% of the most popular websites are powered by Linux. Thus, successful attacks on these systems could cause considerable harm to the organization’s operations.
"Malware targeting Linux-based systems is fast becoming an attacker's way into high-value, multi-cloud environments," VMware warned.
Even so, security protections might be lagging, Clay points out.
"Threat actors are seeing opportunities to attack this operating system as it is more common to see it running critical areas of a business operation," he says. "Because historically it hasn't seen a lot of threats target it, security controls may be missing or not enabled properly to protect it."
Linux administrators need, first of all, to follow standard security best practices, researchers say: keep systems patched, minimize access, and scan regularly.
Mike Parkin, senior technical engineer at Vulcan Cyber, says it's significant to note the major differences in how Linux- and Windows-based systems are used when assessing risk and managing patching. Linux systems are usually servers, found both on-premises and in cloud deployments. While there are a lot of Windows servers, there are far more Windows desktops, and those are often what gets targeted, with the servers then being compromised from that initial Windows toehold.
Further, Linux user awareness around social engineering should be an organizational focus.
"Linux system administrators are, hopefully, less likely to fall for typical phishing and social engineering attacks than the general population," Parkin says. "But the standard advice applies — users need to be trained to be part of the solution rather than part of the attack surface."
Clay meanwhile says the first thing organizations need to do is to inventory all the Linux-based systems they’re running and then look to implement a Linux-based security approach to protect against different threats.
"Ideally, this would be part of a cybersecurity platform where they could deploy security controls automatically as Linux systems come online and model their controls for Windows-based systems," he says. "Ensure this includes technologies like machine learning, virtual patching, application control, integrity monitoring, and log inspection."
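The integrity-monitoring and log-inspection controls Clay lists are easy to prototype before a platform is in place. The script below is an added example written for this page, not vendor code: it builds a SHA-256 baseline of a directory tree, reports what was added, removed or modified, and counts failed SSH logins per source IP in sshd log lines. The directory layout, the auth.log lines and the threshold of five failures are constructed assumptions.

```python
"""File-integrity baseline/compare and sshd log inspection for a Linux host.

Added example for this article, not Trend Micro's product logic. The baseline
format (a path -> sha256 map), the temp-directory demo and the auth.log lines
are constructed; the failed-login threshold is an assumption.
"""
import hashlib
import os
import re
import tempfile
from collections import Counter


def hash_tree(root: str) -> dict:
    """Return {relative_posix_path: sha256_hex} for every regular file under root.
    Symlinks are skipped so an attacker cannot point the baseline at a decoy."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 16), b""):
                    h.update(chunk)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            baseline[rel] = h.hexdigest()
    return baseline


def diff_baseline(old: dict, new: dict) -> dict:
    """Compare two hash maps and report added, removed and modified paths."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }


def demo_integrity() -> dict:
    """Build a baseline in a throwaway directory, tamper with it the way a
    rootkit dropper would (replace ps, add a hidden binary), and return the diff."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        for rel, body in {"bin/ls": b"ls v1", "bin/ps": b"ps v1", "crontab": b"# cron"}.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(body)
        baseline = hash_tree(root)  # would be stored off-host in practice
        with open(os.path.join(root, "bin/ps"), "wb") as f:
            f.write(b"ps v1 with hidden-process filter")  # trojaned ps
        with open(os.path.join(root, "bin/.hidden"), "wb") as f:
            f.write(b"dropper")
        return diff_baseline(baseline, hash_tree(root))


# Matches OpenSSH "Failed password" lines for both valid and invalid users.
SSHD_FAIL_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def failed_logins_by_ip(lines, threshold: int = 5) -> dict:
    """Return {ip: count} for sources with at least `threshold` failed SSH logins."""
    counts = Counter()
    for line in lines:
        m = SSHD_FAIL_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


# Constructed auth.log excerpt: a six-attempt burst from one IP, plus a
# legitimate user who mistyped once and then logged in with a key.
SAMPLE_AUTH_LOG = [
    f"Nov 23 09:12:{s:02d} web1 sshd[41{s:02d}]: Failed password for invalid user {u} "
    f"from 203.0.113.9 port {51000 + s} ssh2"
    for s, u in enumerate(["admin", "oracle", "test", "ubuntu", "root", "postgres"])
] + [
    "Nov 23 09:13:10 web1 sshd[4130]: Failed password for deploy from 198.51.100.4 port 40211 ssh2",
    "Nov 23 09:13:15 web1 sshd[4131]: Accepted publickey for deploy from 198.51.100.4 port 40212 ssh2",
]

if __name__ == "__main__":
    print("integrity diff:", demo_integrity())
    print("brute-force sources:", failed_logins_by_ip(SAMPLE_AUTH_LOG))
```

In production the baseline must live somewhere the monitored host cannot rewrite it, and the log check should run over the journal or a forwarded copy rather than a local file an intruder with root can edit; the point of the example is the shape of the checks, which a platform then automates as hosts come online.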
