are being targeted more and more frequently by malicious actors, largely thanks to the prevalence of Linux in public cloud workloads. More than 13 systems were detected between January and June 2021 alone, according to Trend Micro analysis.
In its newly published Linux threat report 2021 1H: Linux threats in the cloud and security recommendations, Trend Micro’s analysts detail how cybercriminals are following organizations that have upped their use of during the pandemic.
Because the vast majority of public cloud workloads run on Linux, the has become the critical driver behind virtually every single digital transformation project currently undertaken. As such, this makes the security of Linux environments ever-more critical as take an interest.
“It’s safe to say that Linux is here to stay, and as organizations continue to workloads, malicious actors will follow,” said Aaron Ansari, vice-president of cloud security at Trend Micro.
“We have seen this as a main across their workloads, no matter the operating system they choose to run it on.”
Trend Micro found that 25% of malware currently hitting Linux servers are. It said it should be no surprise because the , making it the perfect environment for illicit cryptocurrency mining.
The second most widespread type of malware seen was web shells, accounting for 20% of attacks – recent and ongoing attacks on have highlighted the importance of protecting against web shells.
The third most commonly observed, accounting for 12% of incidents. The most prevalent variety targeting Linux environments was DoppelPaymer, although others, such as RansomExx, DarkRadiation, and DarkSide, were also fairly widespread.
The top Linux distributions impacted by these threats were CentOS Linux, which accounted for just under 51% of incidents – in part because versions 7.4 to 7.9 of CentOS have been end-of-life. CloudLinux Server accounted for 31.2% of incidents, Ubuntu Server for 9.6%, and Enterprise Linux Server for 2.7%.
Tim Mackey, the principal security strategist at the said that given the foundational nature of Linux for cloud computing and technologies such as Docker and Kubernetes, a solid understanding of the associated security issues and requirements should be an essential part of a sysadmin’s or SRE’s role in a DevOps team.
“Increasingly, securing Linux systems means securing the application layer and understanding the latent security risks present in pre-packaged runtime environments like those of VMs and containers,” he said. “Addressing these risks requires a systematic approach employing methodologies based on an understanding of how weaknesses in code and configurations contribute to exploitable environments.”