As Linux Malware is on the Rise, Look Out for These Attacks

Although 90% of cloud apps run on Linux, not much is being done to protect them from Linux malware. Linux has become a highly sought-after target for threat actors and they are abusing it in every way they can. VMware published its threat report on Linux malware and the most common attacks that organizations need to stay safe from. 

Diving into details

  • Ransomware gangs have taken an interest in Linux environments. Ransomware actors such as Hive, Conti, and DarkSide are rapidly upgrading their tools and skills to target these environments. Recently, the new Cheerscrypt ransomware was found targeting vulnerable VMware ESXi servers. 
  • Cryptojacking has gained popularity among cybercriminals, with Sysrv and XMRig as two prominent cryptominers. Earlier in May, malicious campaigns against Docker honeypots were identified, including cryptomining, shell script, and reverse shell attacks. The attacks targeted exposed Docker API port 2375. 
  • Most IoT devices run on Linux and are potential targets of threat actors. In 2021, the volume of malware targeting Linux devices surged by 35% compared to the previous year, reported CrowdStrike. The XorDDoS, Mozi, and Mirai botnet families account for 22% of all attacks on IoT devices. In the last six months, the threat posed by XorDDoS increased by 254%, stated Microsoft. Lately, two new botnets, Enemybot and Fodcha, were found compromising IoT devices, routers, and modems across the world by exploiting their flaws.
  • Even nation-state actors have jumped on the Linux bandwagon and are increasingly targeting Linux environments. With the onset of the Russia-Ukraine war, a lot of Linux malware has been deployed. Just before the war started, Russia-based Sandworm had deployed the Cyclops Blink malware on U.S. and U.K. Linux systems. In April, the same APT group was found propagating the Industroyer2 malware to interrupt electricity supplies in Ukraine.
  • Just because it is named Linux malware does not mean that it targets only Linux systems; various such malware was found targeting Windows systems too. Linux malware abuses Windows machines via Windows Subsystem for Linux (WSL). The WSL feature enables Linux binaries to run natively on Windows. Hackers have displayed a rising interest in WSL by developing new malware capable of conducting espionage and downloading further modules.

The bottom line

Cybersecurity is an integral part of any organization and should be incorporated into the decision-making process for developing and maintaining different technology environments. Linux malware now has a vast attack surface, including servers, consumer devices, specialized OSes, and virtual environments. Therefore, there is a need for an all-encompassing security strategy that leaves no gaps for attackers to abuse.

Cyware Publisher
