Coinminers, web shells and ransomware made up 56% of malware targeting Linux systems in H1 2021

Trend Micro released a research on the state of Linux security in the first half of 2021. The report gives valuable insight into how Linux operating systems are being targeted as organizations increase their digital footprint in the cloud and the pervasive threats that make up the Linux threat landscape.

Modern computer architectures and Linux

As of 2017, 90% of public cloud workloads ran on Linux. According to Gartner, “Rising interest in cloud-native architectures is prompting questions about the future need for server virtualization in the data center. The most common driver is Linux-OS-based virtualization, which is the basis for containers.”

Linux allows organizations to make the most of their cloud-based environments and power their digital transformation strategies. Many of today’s most cutting-edge IoT devices and cloud-based applications and technology run on some flavor of Linux, making it a critical area of modern technology to secure.

Top malware families targeting Linux systems in H1 2021

• 25% coinminers – The high prevalence of cryptocurrency miners is of little surprise given the clear motive of the seemingly endless amount of computing power the cloud holds, making it the perfect environment.
• 20% web shells – The recent Microsoft Exchange Attack, which leveraged web shells, showed the importance of patching against this type of malware.
• 12% ransomware – The most prevalent detected was the modern ransomware family, DoppelPaymer, however some other notable ransomware families seen targeting Linux systems as well are RansomExx, DarkRadiation, and the DarkSide.

“It’s safe to say that Linux is here to stay, and as organizations continue to move to Linux-based cloud workloads, malicious actors will follow,” said Aaron Ansari, VP of cloud security for Trend Micro.

The report revealed that most detections arose from systems running end-of-life versions of Linux distributions, including 44% from CentOS versions 7.4 to 7.9.

In addition, 200 different vulnerabilities were targeted in Linux environments in just six months. This means attacks on Linux are likely taking advantage of outdated software with unpatched vulnerabilities.