Cybercriminals are targeting Linux-based clouds to mine cryptocurrency so much so that coinminers have surpassed ransomware and web shells as the top Linux malware.
This doesn’t mean Linux, a highly esteemed operating system that runs on 100% of the top 500 supercomputers, 50.5% of the top 1,000 global websites, 96.3% of the top one million web servers, and 90% of public cloud workloads, is an insecure operating system. At the same time, it also doesn’t mean it is impervious to modern-day threats. Trend Micro used Censys’ search engine to discover that 14 million Linux devices are connected to the internet and susceptible to online threats. These devices are exposed because port 22, which is used for Secure Shell (SSH) communication, is reachable from the internet. Data from Shodan is even more concerning, with 19 million devices having this port exposed. An exposed port 22 is basically an invitation to carry out malicious activities, including but not limited to botnet-driven brute-force attacks. It is noteworthy that most of the exposed Linux systems (over 5.2 million of the 19 million) run Ubuntu, a Linux distribution most popular with beginners because of its ease of use, stability and large app repository. This is one of the major reasons why different distributions play a role in delivering a computing environment conducive to top-notch security. But before that, let us take a look at the most-used Linux distributions.

Linux Distributions

The following pie chart represents the most-used Linux distributions for enterprise use cases.

[Pie chart: Linux Distributions]

Maintenance and consistent updates are the hallmarks of the adoption of a particular distribution. Linux has two layers: the kernel and the shell. The kernel is well designed, protected, and has very few shortcomings. It serves as the basis of several or all Linux distributions. The kernel enables developers to build an interactive interface that is completely different from any existing one. This is known as the shell. What differentiates one Linux distribution from another is the shell layer built on top of the kernel.
Developers have the flexibility to design the OS as they wish. The only limitation is the technical prowess of the developer. This is the reason why different Linux distributions are found with different vulnerabilities. In essence, the kernel may be highly secure, which in most cases is true. However, the distribution an enterprise is leveraging may not be. Relevant updates and consistent modernization are what make a Linux distro reliable and secure for large-scale use cases such as running enterprise cloud workloads.

See Also: Is Linux as Secure as We Think?

Vulnerabilities in Linux

Trend Micro assessed 50 million events from H1 2021, generated on 100,000 unique Linux hosts. The company found 200 different vulnerabilities:
Top Vulnerabilities With Known Exploits or Proofs of Concept

Vulnerability | CVE | CVSS Score (Version 3) | Severity
Apache Struts2 remote code execution (RCE) vulnerability | CVE-2017-5638 | 10 | Critical
Apache Struts 2 REST plugin XStream RCE vulnerability | CVE-2017-9805 | 8.1 | High
Drupal Core RCE vulnerability | CVE-2018-7600 | 9.8 | Critical
Oracle WebLogic server RCE vulnerabilities | CVE-2020-14750 | 9.8 | Critical
WordPress file manager plugin RCE vulnerability | CVE-2020-25213 | 9.8 | Critical
vBulletin ‘subwidgetConfig’ unauthenticated RCE vulnerability | CVE-2020-17496 | 9.8 | Critical
SaltStack salt authorization weakness vulnerability | CVE-2020-11651 | 9.8 | Critical
Apache Struts OGNL expression RCE vulnerability | CVE-2017-12611 | 9.8 | Critical
Eclipse Jetty chunk length parsing integer overflow vulnerability | CVE-2017-7657 | 9.8 | Critical
Alibaba Nacos AuthFilter authentication bypass vulnerability | CVE-2021-29441 | 9.8 | Critical
Atlassian Jira information disclosure vulnerability | CVE-2020-14179 | 5.3 | Medium
Nginx crafted URI string handling access restriction bypass vulnerability | CVE-2013-4547 | N/A | N/A
Apache Struts 2 RCE vulnerability | CVE-2019-0230 | 9.8 | Critical
Apache Struts OGNL expression RCE vulnerability | CVE-2018-11776 | 8.1 | High
Liferay portal untrusted deserialization vulnerability | CVE-2020-7961 | 9.8 | Critical

[Figure: Top Application Targets through Known Vulnerabilities on Linux | Source: Trend Micro]

Linux Malware

Trend Micro found that coinminers, or cryptocurrency mining malware, are the most prevalent malware on Linux. Coinminers are malicious programs that illicitly leverage or abuse computing resources such as CPU and GPU hardware to mine cryptocurrencies such as Bitcoin, Ethereum, Monero, etc. Victims of a coinminer infection often notice system lags, crashes, increased power consumption, overheating and other issues. Coinminers essentially hijack the compute resources of the target. Trend Micro said coinmining on Linux is especially attractive to cybercriminals because of Linux’s dominant share of cloud environments. It also has something to do with the recent hype around cryptocurrency (Bitcoin in particular) reaching new heights. Trend Micro’s Magno Logan and Pawan Kinger wrote, “Given that the cloud holds a seemingly endless amount of computing power, hackers have a clear motive in stealing computing resources to run their cryptocurrency mining activities.”

Web shells came in second. A web shell is malicious code that attackers drop on a target web server, first to gain access and later to maintain that access. Usually written in web development languages (PHP, ASP), web shells also allow remote code execution besides illegal access. Web shell-driven remote code execution enables attackers to steal data from the servers and even leverage the server as a staging ground for additional malice such as lateral movement, deployment of additional payloads, etc. Web shells are essentially the entry point of attacks against an individual or an organization. Given that 19 million Linux systems were found to have port 22 exposed, this certainly is a cause for concern.
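The article ties exposed port 22 to botnet-driven brute-force attacks. As an added example (not from the article or the Trend Micro report), the following Python detector parses constructed sshd log lines and flags both a single noisy source IP and a username being tried from many distinct IPs, the distributed pattern a per-IP threshold alone would miss. The log lines, host names, addresses and thresholds are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample sshd lines in the default syslog format (not real data).
# One username ("root") is hit from four different addresses, which is what a
# distributed botnet looks like; one address retries "admin" on its own.
SAMPLE_AUTH_LOG = """\
Jun  1 10:00:01 host sshd[1201]: Failed password for root from 198.51.100.10 port 51234 ssh2
Jun  1 10:00:02 host sshd[1202]: Failed password for root from 198.51.100.11 port 51235 ssh2
Jun  1 10:00:03 host sshd[1203]: Failed password for root from 198.51.100.12 port 51236 ssh2
Jun  1 10:00:04 host sshd[1204]: Failed password for root from 198.51.100.13 port 51237 ssh2
Jun  1 10:00:05 host sshd[1205]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
Jun  1 10:00:06 host sshd[1206]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Jun  1 10:00:07 host sshd[1207]: Accepted publickey for deploy from 192.0.2.8 port 50000 ssh2
"""

# Matches sshd failed-password lines, with or without the "invalid user" prefix.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(log_text):
    """Yield (user, ip) for every failed-password line; other lines are ignored."""
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            yield m.group("user"), m.group("ip")


def detect_bruteforce(log_text, per_ip_threshold=5, distinct_ip_threshold=3):
    """Return noisy source IPs and usernames targeted from many distinct IPs.

    per_ip_threshold catches a single host hammering the server; the
    distinct_ip_threshold catches a botnet spreading attempts across
    addresses so that no single IP trips the first rule.
    """
    failures_per_ip = defaultdict(int)
    ips_per_user = defaultdict(set)
    for user, ip in parse_failures(log_text):
        failures_per_ip[ip] += 1
        ips_per_user[user].add(ip)
    return {
        "noisy_ips": sorted(ip for ip, n in failures_per_ip.items() if n >= per_ip_threshold),
        "distributed_users": sorted(u for u, ips in ips_per_user.items() if len(ips) >= distinct_ip_threshold),
    }
```

With the defaults the sample trips only the distributed rule for "root"; lowering per_ip_threshold to 2 also flags 203.0.113.5.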
[Figure: Top Five Malware Types on Linux | Source: Trend Micro]

Ransomware and Trojans also pose significant threats to Linux systems.

Malware Type Affecting Linux | Prevalent Malware Family
Coinminers | Coinminer.Linux.MALXMR.SMDSL64, Coinminer.Linux.MALXMR.PUWELQ
Web shells | Backdoor.PHP.WEBSHELL.SBJKRW, Backdoor.PHP.WEBSHELL.SMMR, Backdoor.PHP.WEBSHELL.SMIC
Ransomware | DoppelPaymer, unnamed ransomware strain, RansomExx, DarkRadiation, DarkSide
Trojans | N/A
Linux implementations have been known for their high reliability when it comes to process management, efficiency, uptime and, most importantly, security. But they also have a shelf life, and as different Linux distributions become dated, they become increasingly inconsistent with present-day security requirements. At least that’s what Trend Micro notes in its Linux Threat Report for H1 2021.
Crypto Mining Has Piqued Cybercriminals’ Interest in Breaking Linux, According to Trend Micro Report