Linux has achieved business success. It's true that it hasn't done it on desktops, but this is less significant if we take into account that more than 80% of corporate servers run Linux as their operating system and that Linux-based virtual machines perform far better than Windows-based ones.
Given this, it is not surprising that attackers have turned to the penguin OS, both in on-premises environments and in large cloud deployments, and even at the edge, in IoT devices that in more than 95% of cases run a stripped-down build of the Linux kernel.
For businesses to take appropriate action, it helps to know which kinds of attacks they should be most worried about. From this perspective, there are five broad categories of attack.
Attacks with ransomware on virtual machines
Ransomware has emerged in recent years as one of the primary revenue streams for cybercriminal organizations, and these groups no longer attack only Windows machines indiscriminately. Many of them have built tooling to encrypt Linux installations, since Linux is the operating system most commonly found on the on-premises (and cloud) servers of businesses.
In this field, groups like Conti, DarkSide, or REvil stand out. Typically, an attack takes place after weeks of research into the potential victim's defensive posture. In practice, these gangs attempt to penetrate the entire organization's network before encrypting the data and demanding a ransom, so that they can identify any weaknesses that may be exploited at that time or in the future.
Certain groups, such as Conti, have also begun targeting Linux host images for workloads in virtualized environments. They are particularly interested in encrypting ESXi virtual machine images, since doing so can have a large impact on the victim's business.
Cryptojacking
One of the most common cyberattacks against Linux systems is cryptojacking, which involves breaking into networks in order to use a machine's resources to mine cryptocurrency. It gives attackers a direct profit and often goes undetected by victims, who in any case tend not to notice until their machine's performance starts to deteriorate.
In this category, XMRig and Sysrv are the most common mining malware families, and security firms like SonicWall report an average of 338 daily cryptojacking incidents per client network. In these attacks, the intruders frequently rely on default password lists, bash exploits, or exploits written specifically to target poorly configured machines.
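The default-password lists mentioned above leave a very recognizable footprint in sshd's authentication log: a burst of "Failed password" events from one source address cycling through stock usernames. The following is an added detection example, not code from the original article; it parses constructed auth.log lines (the sample text, hostnames and addresses are made up, and the threshold of five failures is an assumed tuning value) and reports source addresses that exceed the threshold together with the usernames they tried.

```python
import re
from collections import defaultdict

# Constructed sample in the classic /var/log/auth.log format. Addresses come
# from documentation ranges; none of this is from a real incident.
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:02 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:01:03 web01 sshd[2101]: Failed password for invalid user pi from 203.0.113.7 port 51023 ssh2
Mar  3 10:01:04 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar  3 10:01:05 web01 sshd[2101]: Failed password for invalid user ubuntu from 203.0.113.7 port 51025 ssh2
Mar  3 10:01:06 web01 sshd[2101]: Failed password for invalid user oracle from 203.0.113.7 port 51026 ssh2
Mar  3 10:01:07 web01 sshd[2130]: Accepted publickey for deploy from 198.51.100.20 port 40112 ssh2
Mar  3 10:02:11 web01 sshd[2140]: Failed password for alice from 198.51.100.20 port 40113 ssh2
"""

# "invalid user" is present when the username does not exist on the host,
# which is typical of an attacker working through a canned list.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_failed_login(line):
    """Return (username, source_ip) for a failed-password line, else None."""
    m = FAILED_RE.search(line)
    if not m:
        return None
    return m.group("user"), m.group("ip")


def summarize_failures(log_text):
    """Map each source IP to (failure_count, sorted list of usernames tried)."""
    counts = defaultdict(int)
    users = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_failed_login(line)
        if parsed is None:
            continue  # successful logins and unrelated lines are ignored
        user, ip = parsed
        counts[ip] += 1
        users[ip].add(user)
    return {ip: (counts[ip], sorted(users[ip])) for ip in counts}


def find_bruteforce(log_text, threshold=5):
    """Source IPs with at least `threshold` failed passwords (assumed tuning value)."""
    summary = summarize_failures(log_text)
    return sorted(ip for ip, (n, _) in summary.items() if n >= threshold)


if __name__ == "__main__":
    for ip in find_bruteforce(SAMPLE_AUTH_LOG):
        n, tried = summarize_failures(SAMPLE_AUTH_LOG)[ip]
        print(f"{ip}: {n} failures, usernames tried: {', '.join(tried)}")
```

On a real host the same functions can be fed the output of `journalctl -u ssh` or the contents of /var/log/auth.log; the single failure from 198.51.100.20 in the sample shows why a per-source threshold, rather than any failure at all, is what separates a typo from a password-list run.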
Attacks on IoT devices
With a few exceptions, the simplicity of Linux-based IoT devices makes them an appealing target for cybercriminals and one of the primary sources of risk that businesses face.
Companies like CrowdStrike report a 35 percent rise in cyberattacks on Linux-based IoT devices compared to the previous year.
Most cybercriminal organisations aim to infect these devices and enlist them in botnets used to launch distributed denial of service (DDoS) attacks against other targets. Other attacks aim to breach these devices as a foothold from which to move into the network. Such malware may persist even after the infected device's firmware has been restored.
Fileless attacks
Many cyberattacks employ Ezuri, an open-source program used to encrypt malicious code, according to cybersecurity researchers who have been observing this for more than a year.
What makes it unique? Once the machine is compromised, the payload is decrypted and run directly from memory, leaving no trace on disk, which makes such attacks exceedingly difficult for an antivirus solution to detect.
As far as I recall, many of these attacks target Docker hosts that have been incorrectly set up, using them to install DDoS bots and cryptojacking tools.
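A payload that runs only from memory still shows up in the kernel's view of the process table: the /proc/<pid>/exe link of a process started from an anonymous memory file points at a "/memfd:..." pseudo-path rather than a file on disk, and a process whose binary was unlinked after launch shows a "(deleted)" suffix. The following is an added detection example, not code from the original article or from the Ezuri project; it classifies those link targets, scans a proc tree, and builds a constructed fake proc directory so the scan can be exercised offline (the pid numbers and paths in it are made up, and treating /dev/shm and /tmp as suspicious is a heuristic, not a rule).

```python
import os
import tempfile


def classify_exe_target(target):
    """Classify where a process's executable image actually lives.

    `target` is the string returned by os.readlink("/proc/<pid>/exe").
    """
    if "/memfd:" in target or target.startswith("memfd:"):
        return "memfd"      # anonymous memory file: nothing on disk to scan
    if target.endswith(" (deleted)"):
        return "deleted"    # backing file removed after exec
    if target.startswith(("/dev/shm/", "/tmp/")):
        return "scratch"    # heuristic: world-writable staging locations
    return "on_disk"


def read_exe_target(pid, proc_root="/proc"):
    """Resolve the exe link, returning None for kernel threads or races."""
    try:
        return os.readlink(os.path.join(proc_root, str(pid), "exe"))
    except (FileNotFoundError, PermissionError, ProcessLookupError, OSError):
        return None


def scan_processes(proc_root="/proc"):
    """Return [(pid, kind, target)] for every process not backed by an on-disk file."""
    findings = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip self, sys, net, ... (only numeric entries are pids)
        target = read_exe_target(entry, proc_root)
        if target is None:
            continue
        kind = classify_exe_target(target)
        if kind != "on_disk":
            findings.append((int(entry), kind, target))
    return sorted(findings)


def build_fake_proc():
    """Constructed proc tree for offline testing; pids and paths are invented."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    fake = {
        "4242": "/memfd:stage2 (deleted)",   # memory-only payload
        "4243": "/usr/bin/sleep",            # ordinary on-disk binary
        "4244": "/opt/agent/bin/agent (deleted)",  # binary removed after launch
    }
    for pid, target in fake.items():
        os.mkdir(os.path.join(root, pid))
        os.symlink(target, os.path.join(root, pid, "exe"))  # dangling link is fine
    os.mkdir(os.path.join(root, "self"))  # non-pid entry that must be skipped
    return root


if __name__ == "__main__":
    for pid, kind, target in scan_processes():
        print(f"pid {pid}: {kind} -> {target}")
```

Reading exe links for other users' processes requires root (or CAP_SYS_PTRACE), which is why `read_exe_target` swallows PermissionError rather than aborting the whole sweep; run it periodically from a privileged collector and forward the findings, since a legitimate build tool or a just-upgraded daemon can also show "(deleted)" and the list needs a human or an allowlist behind it.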
Linux malware on Windows machines
Through the Windows Subsystem for Linux (WSL), a technology that enables Linux binaries to run on Windows, Linux malware can also reach Windows PCs.
While WSL must be installed manually or through the Windows Insider Program, attackers are still capable of enabling it themselves if they manage to raise their level of access on the machine they are targeting.