Linux is widely regarded as one of the most secure operating systems thanks to its stability, flexibility, and open-source development model, and it is powerful and dependable in terms of performance and efficiency. It runs every one of the world's top 500 supercomputers, and it sits underneath nontraditional IT workloads such as heavy-machinery control, robotics, high-speed trains, and major space programs. In an increasingly cloud-centric world, Linux is also what most organizations build their cloud environments and digital strategies on. That success has a downside: as more businesses depend on Linux, it has become a major target for cybercriminals looking for holes in its security.
Cybersecurity company Trend Micro released a new research report that sheds light on the current state of Linux security. The report provides several valuable insights and focuses on vulnerability distribution, major threats, and security drawbacks of the Linux operating system. It is especially eye-opening for those who mistakenly believe Linux is invulnerable to attacks.
Exposed Linux systems
The Trend Micro report broke down its malware detections by Linux distribution. CentOS, one of the most popular distributions, accounted for the largest share at 50.8%. Many industry experts attribute this to CentOS 7 leaving its full-updates phase in August 2020, after which it received only maintenance updates; 44% of all detections came from CentOS versions 7.4 to 7.9 alone. CloudLinux Server followed with 31.24% of detections, and Ubuntu Server and Red Hat Enterprise Linux had shares of 9.56% and 2.73%, respectively.
The report also found that around 200 distinct vulnerabilities were targeted in Linux environments in just six months, and that most of the detections came from systems running old or end-of-life versions of Linux. The pattern is clear: attackers are taking advantage of outdated software whose known vulnerabilities remain unpatched, which makes knowing exactly which installed packages are behind their fix the first step of any Linux vulnerability assessment.
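The core of that assessment is comparing installed package versions against the version in which a fix shipped, and on RPM-based systems such as CentOS that comparison has to follow rpm's own ordering rules (epoch first, then version, then release, with `~` sorting before everything). The following is an added example, not code from the Trend Micro report or the original article: a Python port of rpm's `rpmvercmp()` plus a small checker that reads `rpm -qa`-style output. The `FIXED_IN` table and the `SAMPLE_RPM_QA` listing are constructed placeholders, not real advisory data; a real assessment would pull the fixed versions from the distribution's errata feed.

```python
import re
from typing import Dict, List, Tuple

EVR = Tuple[int, str, str]  # (epoch, version, release)
ARCHES = ("x86_64", "aarch64", "i686", "noarch")


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): compare version or release strings segment by segment.

    Returns -1, 0 or 1. Numeric segments compare as integers, alpha segments as
    strings, a numeric segment beats an alpha one, and '~' sorts before anything
    (so 1.0~rc1 < 1.0). The '^' post-release marker is omitted for brevity.
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not a[i].isalnum() and a[i] != "~":
            i += 1  # skip separators such as '.' and '_'
        while j < len(b) and not b[j].isalnum() and b[j] != "~":
            j += 1
        ta = i < len(a) and a[i] == "~"
        tb = j < len(b) and b[j] == "~"
        if ta or tb:
            if not ta:
                return 1
            if not tb:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        si, sj = i, j
        isnum = a[i].isdigit()
        kind = str.isdigit if isnum else str.isalpha
        while i < len(a) and kind(a[i]):
            i += 1
        while j < len(b) and kind(b[j]):
            j += 1
        seg_a, seg_b = a[si:i], b[sj:j]
        if not seg_b:  # segment types differ: numeric wins over alpha
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):  # longer digit string is the larger number
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1  # the string with segments left over is newer


def compare_evr(x: EVR, y: EVR) -> int:
    """Epoch decides first, then version, then release, as yum/dnf order updates."""
    if x[0] != y[0]:
        return 1 if x[0] > y[0] else -1
    return rpmvercmp(x[1], y[1]) or rpmvercmp(x[2], y[2])


def parse_rpm_line(line: str) -> Tuple[str, EVR]:
    """Parse '[epoch:]name-version-release.arch' as printed by rpm -qa."""
    epoch = 0
    if ":" in line:
        e, line = line.split(":", 1)
        epoch = 0 if e == "(none)" else int(e)
    stem, _, arch = line.rpartition(".")
    if arch not in ARCHES:  # no trailing arch: keep the whole string
        stem = line
    name, version, release = stem.rsplit("-", 2)
    return name, (epoch, version, release)


# Constructed "fixed in" table: placeholder versions standing in for errata data.
FIXED_IN: Dict[str, EVR] = {
    "openssl-libs": (1, "1.0.2k", "21.el7_9"),
    "bash": (0, "4.2.46", "35.el7_9"),
    "kernel": (0, "3.10.0", "1160.36.2.el7"),
    "curl": (0, "7.29.0", "59.el7_9.1"),
}

# Constructed output of: rpm -qa --qf '%{EPOCH}:%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'
SAMPLE_RPM_QA = """\
1:openssl-libs-1.0.2k-19.el7.x86_64
(none):bash-4.2.46-34.el7.x86_64
(none):kernel-3.10.0-1160.31.1.el7.x86_64
(none):curl-7.29.0-59.el7_9.1.x86_64
(none):sudo-1.8.23-10.el7_9.1.x86_64
"""


def find_outdated(rpm_output: str, fixed: Dict[str, EVR]) -> List[Tuple[str, EVR, EVR]]:
    """List (name, installed, fixed) for packages installed below the fixed version.

    Note: several kernel packages are normally installed side by side; for the
    kernel the version to judge is the running one (uname -r), not this list.
    """
    out = []
    for line in rpm_output.splitlines():
        name, installed = parse_rpm_line(line.strip())
        if name in fixed and compare_evr(installed, fixed[name]) < 0:
            out.append((name, installed, fixed[name]))
    return sorted(out)


if __name__ == "__main__":
    for name, have, want in find_outdated(SAMPLE_RPM_QA, FIXED_IN):
        print("%s: installed %s, fixed in %s" % (name, have, want))
```

With the constructed data this reports bash, kernel and openssl-libs as behind their fix and leaves curl alone; the epoch on openssl-libs (`1:`) shows why a plain string comparison of version numbers is not enough.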
Top Linux security threats
The report also listed the major threat types affecting Linux servers in the first half of 2021. Trend Micro analyzed more than 13 million security events flagged by its sensors to identify the malware families that posed the greatest threat to Linux servers. The top categories, by share of detections, were:
- Coin miners: 24.56%
- Web shells: 19.92%
- Ransomware: 11.55%
- Trojans: 9.65%
- Others: 3.15%
The prevalence of coin miners shows attackers hijacking the abundant compute of cloud-hosted Linux systems for cryptocurrency mining, and the web shells beside them are the persistent remote-command foothold on a compromised web server from which such payloads are run. The report also analyzed the most commonly used official Docker images to gauge the threat to containers: nearly all of the images examined contained known vulnerabilities.
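Both of the top two threat families leave host-level traces that are cheap to look for. The following is an added example, not code from the Trend Micro report or the original article: a Python triage script that sweeps a web root for PHP files carrying typical web-shell constructs and scores running processes for coin-miner indicators (stratum pool URLs, XMRig-style flags, connections to common pool ports). The indicator lists, the sample web root written by `build_sample_webroot()` and the `SAMPLE_PROCESSES` list are all constructed for the demo; a production scanner would add YARA rules and hash reputation rather than rely on these regexes alone.

```python
import os
import re
import tempfile
from typing import Dict, List, Sequence, Tuple

# Illustrative web-shell indicators (constructed for this example).
WEBSHELL_PATTERNS = [
    # obfuscated payload handed straight to eval()
    re.compile(r"\beval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    # command execution fed directly from request parameters
    re.compile(r"\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b", re.I),
    # variable-function call: $_GET['f']($_GET['a']) is a complete one-line shell
    re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\(", re.I),
    # preg_replace() with the /e modifier evaluates the replacement as PHP (PHP < 7)
    re.compile(r"\bpreg_replace\s*\(\s*['\"][^'\"]*/e['\"]", re.I),
]
SCRIPT_EXTENSIONS = (".php", ".phtml", ".php5", ".phar")

# Process-level indicators of XMRig-style miners (constructed for this example).
MINER_CMD_PATTERNS = [
    re.compile(r"stratum\+(tcp|ssl|tls)://", re.I),
    re.compile(r"--donate-level\b|--cpu-priority\b|--algo[= ]|\bxmrig\b|\bminerd\b", re.I),
]
MINER_POOL_PORTS = {3333, 4444, 5555, 7777, 8888, 14444, 45700}


def scan_webroot(root: str) -> Dict[str, List[str]]:
    """Walk a web root; return {relative path: [matched pattern, ...]} for script files."""
    hits: Dict[str, List[str]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCRIPT_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            matched = [p.pattern for p in WEBSHELL_PATTERNS if p.search(text)]
            if matched:
                hits[os.path.relpath(path, root)] = matched
    return hits


def classify_process(cmdline: str, remote_ports: Sequence[int] = ()) -> List[str]:
    """Return the reasons a process looks like a coin miner (empty list if none).

    A pool-port hit on its own is weak evidence (3333 and 8888 are used by plenty
    of legitimate services), so weigh a port-only result below a command-line match.
    """
    reasons = [p.pattern for p in MINER_CMD_PATTERNS if p.search(cmdline)]
    pool_ports = sorted(MINER_POOL_PORTS.intersection(remote_ports))
    if pool_ports:
        reasons.append("outbound connection to known pool port(s) %s" % pool_ports)
    return reasons


def find_miners(processes: Sequence[Tuple[int, str, Sequence[int]]]) -> Dict[int, List[str]]:
    """processes: (pid, cmdline, remote ports) tuples, e.g. joined from ps and ss output."""
    flagged: Dict[int, List[str]] = {}
    for pid, cmd, ports in processes:
        reasons = classify_process(cmd, ports)
        if reasons:
            flagged[pid] = reasons
    return flagged


def build_sample_webroot() -> str:
    """Write a constructed web root to a temp dir: one benign file, three shells."""
    root = tempfile.mkdtemp(prefix="webroot-")
    samples = {
        "index.php": '<?php echo "hello"; $logo = base64_decode("aGk="); ?>',
        "uploads/cache.php": "<?php @eval(base64_decode($_POST['c'])); ?>",
        "uploads/img.php5": "<?php system($_GET['cmd']); ?>",
        "themes/fn.php": "<?php $_GET['f']($_GET['a']); ?>",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


# Constructed process list: (pid, command line, remote ports it is connected to).
# The miner masquerades as a kernel thread name, a common trick.
SAMPLE_PROCESSES = [
    (812, "/usr/sbin/sshd -D", [22]),
    (1304, "nginx: worker process", [80, 443]),
    (2291, "./kthreadd -o stratum+tcp://pool.example.invalid:3333 -u 4AB... --donate-level=1", [3333]),
    (2410, "python3 /opt/app/app.py", [5555]),
]

if __name__ == "__main__":
    for path, why in scan_webroot(build_sample_webroot()).items():
        print("web shell candidate:", path, why)
    for pid, why in find_miners(SAMPLE_PROCESSES).items():
        print("miner candidate pid", pid, why)
```

On the constructed data the sweep flags the three shells and leaves the benign `index.php` (which merely calls `base64_decode`) alone, and the process scorer gives the fake `kthreadd` three independent reasons while the app on port 5555 gets only the low-confidence port hit.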
Most common OWASP and non-OWASP attacks
The report also classified several million web-based attacks into those that fall under the Open Web Application Security Project (OWASP) categories and those that do not.
The most common OWASP attacks were SQL injection (27%), command injection (23%), cross-site scripting (XSS, 22%), and insecure deserialization (18%). XML external entity (XXE) injection and broken authentication also made the list, at 6% and 4%, respectively. Injection flaws and cross-site scripting therefore dominate the picture and remain the area organizations most need to work on.
Outside the OWASP categories, the report found brute-force, directory traversal, and HTTP request smuggling attacks to be the three most prevalent risks.
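Most of these attack classes, OWASP and non-OWASP alike, are visible in the logs a Linux web server already keeps. The following is an added example, not code from the Trend Micro report or the original article, covering both of the two preceding paragraphs: a Python triage script that labels request lines from an access log as SQL injection, command injection, XSS or directory traversal, detects SSH brute-forcing as a burst of failed logins from one source inside a sliding window, and checks a raw HTTP request for the header combinations that enable request smuggling. Insecure deserialization and XXE live in request bodies, so they are out of scope for a request-line classifier. The log excerpts are constructed (documentation IP ranges, assumed year 2021), and the signatures are illustrative; they are for triage and hunting, not for blocking traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, Tuple
from urllib.parse import unquote_plus

# Constructed Apache combined-log lines; addresses are documentation ranges, not real clients.
SAMPLE_ACCESS_LOG = """\
203.0.113.10 - - [10/Jun/2021:12:00:01 +0000] "GET /products?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Jun/2021:12:00:02 +0000] "GET /products?id=1%27%20OR%201%3D1-- HTTP/1.1" 200 9876 "-" "sqlmap/1.5"
198.51.100.7 - - [10/Jun/2021:12:00:03 +0000] "GET /ping?host=127.0.0.1%3Bcat%20/etc/passwd HTTP/1.1" 200 2048 "-" "curl/7.68.0"
198.51.100.7 - - [10/Jun/2021:12:00:04 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 300 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Jun/2021:12:00:05 +0000] "GET /static/../../../../etc/passwd HTTP/1.1" 403 199 "-" "python-requests/2.25"
192.0.2.55 - - [10/Jun/2021:12:00:06 +0000] "GET /about HTTP/1.1" 200 1400 "-" "Mozilla/5.0"
"""
ACCESS_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Illustrative signatures for attack classes visible in the request line.
ATTACK_SIGNATURES = {
    "sqli": re.compile(r"""(?i)['"]\s*(or|and)\s+\S+\s*=\s*\S+|union\s+(all\s+)?select|\bsleep\s*\(|--\s*$"""),
    "cmdi": re.compile(r"(?i)(;|\||&&|`|\$\()\s*(cat|ls|id|whoami|uname|wget|curl|sh|bash|nc|python\d?)\b"),
    "xss": re.compile(r"(?i)<\s*script\b|javascript:|\bon(error|load|mouseover)\s*="),
    "traversal": re.compile(r"\.\./|\.\.\\"),
}


def classify_request(target: str) -> List[str]:
    """Label a request target (path + query) with every attack class it matches."""
    decoded = unquote_plus(target)  # match decoded text so %27 and %2e%2e are caught too
    return sorted(name for name, rx in ATTACK_SIGNATURES.items() if rx.search(decoded))


def classify_access_log(text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (source ip, target, labels) for each request matching at least one class."""
    out = []
    for line in text.splitlines():
        m = ACCESS_RE.match(line)
        if m and (labels := classify_request(m["target"])):
            out.append((m["ip"], m["target"], labels))
    return out


# Constructed sshd lines; syslog timestamps carry no year, so the demo assumes 2021.
SAMPLE_AUTH_LOG = """\
Jun 10 12:01:00 web1 sshd[2201]: Failed password for root from 203.0.113.10 port 51234 ssh2
Jun 10 12:01:03 web1 sshd[2203]: Failed password for root from 203.0.113.10 port 51236 ssh2
Jun 10 12:01:05 web1 sshd[2205]: Failed password for admin from 203.0.113.10 port 51238 ssh2
Jun 10 12:01:08 web1 sshd[2207]: Failed password for invalid user oracle from 203.0.113.10 port 51240 ssh2
Jun 10 12:01:11 web1 sshd[2209]: Failed password for root from 203.0.113.10 port 51242 ssh2
Jun 10 12:01:20 web1 sshd[2211]: Failed password for deploy from 192.0.2.55 port 40022 ssh2
Jun 10 12:01:27 web1 sshd[2213]: Accepted publickey for deploy from 192.0.2.55 port 40024 ssh2
"""
AUTH_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) \w+ for .* from (?P<ip>\S+) port")


def detect_bruteforce(text: str, threshold: int = 5, window: timedelta = timedelta(seconds=60),
                      year: int = 2021) -> Dict[str, datetime]:
    """Return {ip: time it reached `threshold` failed logins inside a sliding `window`}."""
    recent: Dict[str, deque] = defaultdict(deque)
    flagged: Dict[str, datetime] = {}
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m or m["result"] != "Failed":
            continue  # only failures count; a success right after a burst is its own alert
        ts = datetime.strptime("%d %s" % (year, m["ts"]), "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged


def check_smuggling(raw_request: bytes) -> List[str]:
    """Flag header combinations that let a front end and back end disagree on where the body ends."""
    findings: List[str] = []
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    content_lengths, transfer_encodings = [], []
    for line in head.split(b"\r\n")[1:]:
        name, sep, value = line.partition(b":")
        if not sep:
            continue
        if name != name.rstrip():  # "Transfer-Encoding : chunked" is parsed differently by different servers
            findings.append("whitespace before colon in %r" % name)
        lname = name.strip().lower()
        if lname == b"content-length":
            content_lengths.append(value.strip())
        elif lname == b"transfer-encoding":
            transfer_encodings.append(value.strip().lower())
    if content_lengths and transfer_encodings:
        findings.append("Content-Length and Transfer-Encoding both present (CL.TE / TE.CL)")
    if len(set(content_lengths)) > 1:
        findings.append("conflicting Content-Length values %r" % content_lengths)
    if len(transfer_encodings) > 1:
        findings.append("multiple Transfer-Encoding headers (TE.TE)")
    findings += ["obfuscated Transfer-Encoding %r" % v for v in transfer_encodings
                 if v != b"chunked" and b"chunked" in v]
    return findings
```

On the constructed logs the classifier tags four of the six requests (one each of sqli, cmdi, xss and traversal) and the brute-force detector flags 203.0.113.10 at 12:01:11, the moment its fifth failure lands inside the 60-second window, while the deploy user's single failure followed by a key login stays quiet. The smuggling check is the one piece that belongs in front of the application, on a proxy or WAF, rather than in after-the-fact log review.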
Linux security starts with your systems and servers
Because of its ubiquity, performance, stability, and flexibility, organizations will continue to rely on Linux to power their digital infrastructure: servers, mainframes, datacenters, web development platforms, and hosting environments. Cybercriminals, in turn, will continue to exploit the weaknesses of poorly maintained Linux systems, so organizations need to secure them before an incident rather than after. That means keeping systems patched and retiring end-of-life releases, deploying anti-malware, running a capable intrusion detection/prevention system, and performing regular vulnerability assessments. Active monitoring of resource usage and execution control (allowing only approved binaries to run) add the visibility needed to catch coin miners and web shells early. Finally, it is crucial to train employees to recognize threats and take the precautions that stop an attack before it reaches a server.
Featured image: Shutterstock / TechGenix photo illustration