Skip to main content
close search
site logo
Dive Brief

More threats target Linux, a foundation for the cloud, report finds

Published Aug. 25, 2021
David Jones's headshot
Reporter
Sean Gallup via Getty Images

Dive Brief:

  • Almost 13 million malware events targeted Linux-based cloud environments during the first half of 2021, according to a report from Trend Micro. The research highlights the growing threat environment facing the operating system. 
  • Detections arose from systems running end-of-life versions of Linux, Trend Micro found. The highest percentage, 44%, were from CentOS versions 7.4 to 7.9, followed by CloudLinux Server, which had 40% of the detections and 7% for Ubuntu. 
  • The leading malware families on Linux servers during the first half of 2021 included coin miners at 25%, web shells at 20% and ransomware at 12%.

Dive Brief:

Linux is considered a critical operating system in the enterprise space, in large part due to its prevalence in cloud computing. 

"According to our data, 62% of enterprise cloud environments are using a variant of Linux, and more than 90% have workloads powered via a Linux-based service," Aaron Ansari, VP of cloud security at Trend Micro said via email. "Additionally, the cloud environments themselves have Linux as their foundation."

The most common vector of attacks are web application attacks, which account for 76% of the attacks, Trend Micro found. These types of attacks allow hackers to execute arbitrary scripts, compromise confidential information and steal, modify or destroy data. 

Hackers are increasingly motivated to use the computing power embedded in the cloud to harness cryptocurrency mining operations, according to the report. Also, among the ransomware strains, DoppelPaymer was the most prevalent, though RansomExx, DarkRadiaiton and DarkSide were also observed. 

To protect business environments against attacks by coin miners, web shells and ransomware, Ansari said organization should "secure the configuration of the environment and the images used, and have proper logging and identity and access controls in place."

"Also have people monitoring and professionals with the right expertise working to review and secure the cloud after every release and modification," he said.

The data included in this report comes from the Trend Micro Smart Protection Network, which the company says is a data lake for all detections across the firm’s products. Data is also collected from honeypots, sensors, anonymized telemetry and back end sensors. 

Filed Under: Vulnerability, Threats

Editors' picks

Company Announcements

View all | Post a press release
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
Editors' picks
Latest in Vulnerability
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell