A recent research report on the state of Linux security in the first half of this year offers several insights. As organizations increasingly adopt Linux-based cloud environments, they are in attackers' crosshairs more than ever. So far, over 13 million malware events have been observed targeting Linux-based cloud environments.

Report findings

Released by Trend Micro, the report focuses on the top malware families targeting Linux-based cloud environments or servers.
  • Coin miners accounted for 25% of all malware families targeting Linux-based clouds. The cloud environment has a vast amount of computing power and resources, making it a favorable environment for cryptocurrency miners.
  • Web shells accounted for around 20% of malware families. One of the main examples of such attacks is the recent Microsoft Exchange attack, which involved the use of web shells.
  • Ransomware accounted for 12% of malware families, with DoppelPaymer being the most prominent. Other notable ransomware families spotted by the researchers included DarkRadiation, DarkSide, and RansomExx.

Additional insights

One of the major observations is that most of the targeted Linux-based cloud environments are running outdated and end-of-life software with unpatched vulnerabilities.
  • Around 200 vulnerabilities were abused in Linux environments in six months.
  • Most of the targeted systems were running old versions of Linux, including 44% running CentOS versions 7.4 to 7.9.

Popularity of Linux

  • According to Gartner, Linux-based virtualization is one of the key reasons for the increased use of cloud environments worldwide. 
  • Nearly 90% of public clouds were using Linux versions as of 2017.


Trend Micro’s report highlights the importance of patching critical systems and applications on time. As the use of Linux-based infrastructure grows, threat actors are expected to target such platforms frequently. Organizations are advised to maintain additional, adequate layers of security checks against such threats, which might become persistent in the near future.

Cyware Publisher