- Almost 13 million malware events targeted Linux-based cloud environments during the first half of 2021, according to a report from Trend Micro. The research highlights the growing threat environment facing the operating system.
- Detections arose from systems running end-of-life versions of Linux, Trend Micro found. The highest percentage, 44%, were from CentOS versions 7.4 to 7.9, followed by CloudLinux Server, which had 40% of the detections and 7% for Ubuntu.
- The leading malware families on Linux servers during the first half of 2021 included coin miners at 25%, web shells at 20% and ransomware at 12%.
Linux is considered a critical operating system in the enterprise space, in large part due to its prevalence in cloud computing.
"According to our data, 62% of enterprise cloud environments are using a variant of Linux, and more than 90% have workloads powered via a Linux-based service," Aaron Ansari, VP of cloud security at Trend Micro said via email. "Additionally, the cloud environments themselves have Linux as their foundation."
The most common vector of attacks are web application attacks, which account for 76% of the attacks, Trend Micro found. These types of attacks allow hackers to execute arbitrary scripts, compromise confidential information and steal, modify or destroy data.
Hackers are increasingly motivated to use the computing power embedded in the cloud to harness cryptocurrency mining operations, according to the report. Also, among the ransomware strains, DoppelPaymer was the most prevalent, though RansomExx, DarkRadiaiton and DarkSide were also observed.
To protect business environments against attacks by coin miners, web shells and ransomware, Ansari said organization should "secure the configuration of the environment and the images used, and have proper logging and identity and access controls in place."
"Also have people monitoring and professionals with the right expertise working to review and secure the cloud after every release and modification," he said.
The data included in this report comes from the Trend Micro Smart Protection Network, which the company says is a data lake for all detections across the firm’s products. Data is also collected from honeypots, sensors, anonymized telemetry and back end sensors.