Linux servers and cloud infrastructure are increasingly being targeted with ransomware, cryptojacking, and other illicit activity, and many businesses are leaving themselves vulnerable to attacks because their Linux infrastructure is misconfigured or poorly managed.
According to VMware cybersecurity researchers, malware targeting Linux-based systems is growing in volume and complexity, while too little attention is paid to identifying and controlling threats against them. This follows an increase in the adoption of cloud-based services by businesses due to the emergence of hybrid working, with Linux being the most frequent operating system in these settings.
As outlined in the research paper, this development has offered new pathways for cybercriminals to breach enterprise networks, including ransomware and cryptojacking attacks that target Linux servers in environments that may not be as closely monitored as those running Windows.
These attacks are intended to cause the most damage possible, as cyber thieves attempt to penetrate as much of the network as possible before initiating the encryption process and demanding a ransom for the decryption key.
According to the paper, ransomware has evolved to target Linux host images used to spin up workloads in virtualized environments, allowing attackers to encrypt large swaths of the network at once and complicating incident response. Attacks on cloud environments also result in attackers taking data from servers, which they threaten to release unless a ransom is paid.
REvil, DarkSide, and Defray777 are among the ransomware families that have been observed attacking Linux systems, and it’s likely that more ransomware families will emerge that target Linux as well.
Linux servers are increasingly being targeted by cryptojacking and other malware attacks. Cryptojacking software mines cryptocurrency by stealing processing power from CPUs and servers.
These attacks frequently go undetected on all operating systems. While cryptojackers consume energy and may cause systems to slow down, the drain is usually not significant enough to create substantial disruption.
The open-source XMRig miner is the most popular application for mining Monero, and many instances of it are running on Linux servers. Cryptojacking can easily go undetected if the Linux system isn’t properly monitored, and cybercriminals are aware of this.
“In order to maximize their damage with the least amount of effort possible, cybercriminals are substantially increasing their scope and adding malware that targets Linux-based operating systems to their attack toolset,” said Giovanni Vigna, senior director of threat intelligence at VMware. Rather than infecting a PC and then moving on to a higher-value target, cyber attackers have realized that compromising a single server can offer a big reward.
Compared with similar attacks targeting Windows systems, many of the cyberattacks targeting Linux environments are still relatively simple, which implies that many of them can be avoided with the proper approach to monitoring and securing Linux-based systems.
This includes cybersecurity hygiene practices like not using default passwords and not sharing a single account among several users.
Focus on the essentials, says Brian Baskin, VMware’s manager of threat research. The truth is that the majority of your opponents are not technologically advanced. They’re not hunting for particular exploits, but rather generic open vulnerabilities and misconfigurations, he noted. Prioritize those before moving on to zero-day attacks and new vulnerabilities; be sure you’ve handled the basics first.