Cloud Security

76% of attacks on Linux systems in the cloud are web-based

Oracle Co-Founder Larry Ellison delivers a keynote address at the Oracle OpenWorld conference in 2006. Kaspersky researchers recently discovered a new file-encrypting Trojan built as an executable and linkable format (ELF) that encrypts data on machines controlled by Linux-based operating systems.(Justin Sullivan/Getty Images)
Oracle Co-Founder Larry Ellison delivers a keynote address at the Oracle OpenWorld conference in 2006. New research on Monday by Trend Micro found that 76% of attacks on Linux systems in the cloud are web-based. (Justin Sullivan/Getty Images)

New research on Monday by Trend Micro found that 76% of attacks on Linux systems in the cloud are web-based.

The leading types of malware included the following: coinminers (24.5%), web shells (19.9%), ransomware (11.5%), and trojans (9.6%).

Of the attacks on web-based systems, 21.2% are attacks on the Open Web Application Security Project (OWASP) Top 10. Of those attacks, 27.1% were from SQL injections, 23.1% from command injections, 21.8% were caused by cross-site scripting, and 17.5% were the result of insecure deserialization.

Overall, the report also said that Censys.io, a search engine for internet device scanned the Internet on July 6, 2021, found some 14 million results when searching for exposed devices connected to the Internet and running any Linux OS.

It's no surprise that the majority of these attacks are web-based because every website is different and written by different developers with varied skill sets, said Shawn Smith, director of infrastructure at nVisium. Combine this with the reality that not all developers are security gurus, and hackers have an incredibly alluring target.

“Web servers are one of the most common services to expose to the internet because the majority of the world interacts with the internet through websites,” Smith said. “There are other areas exposed — like FTP or IRC servers — but the vast majority of the world uses websites as their main contact point to the internet. As a result, this is where attackers will focus to get the biggest return on investment for their time spent.”

Joseph Carson, chief security scientist and Advisory CISO at ThycoticCentrify, said like any operating system, security depends entirely on how security teams, configure or manage the operating system. Each new Linux update tries to improve security, however, to get the most value security teams must enable and configure it correctly.   

“The state of Linux security today is rather good and has evolved in a positive way with much more visibility and security features built in,” Carson said.  “Nevertheless, like many operating systems, security teams must install, configure and manage it with security in mind as that’s how cybercriminals take advantage, via the human touch.”

John Bambenek, threat intelligence advisor at Netenrich, added that the LAMP stack (Linux, Apache, MySQL, PHP) democratized the Internet so anyone can set up a web application.

“The problem with that is that anyone can now set up a web app,” said Bambenek. “While we are still waiting for the year of Linux on the Desktop, it’s important for organizations to use best practices for their web presence. Typically, this means staying on top of CMS patches/updates and routine scanning to find and remediate SQL injection vulnerabilities.”

Related

New Muddled Libra attacks set sights on cloud

Attacks by the Muddled Libra threat operation — also known as UNC3944, Scattered Spider, Scatter Swine, and Starfraud — have been redirected at cloud service providers and software-as-a-service apps as part of efforts to bolster its data extortion efforts, reports The Hacker News.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.