Beware of exposed Linux ports

Coinmining identified more malware cases than any other family.

According to Trend Micro, more than 13 million Linux-based cloud environments have encountered a malware event.

The company recently unveiled its 1H Linux Threat Report 2021, which shows that threat actors are paying close attention to Linux users.

Although popular society usually speaks of Microsoft Windows and macOS when it comes to operating systems, Trend Micro notes that all of the largest supercomputers in the world use Linux. Additionally, a W3Techs poll found that more than half (51%) of the world’s top 1,000 websites use Linux. Linux users are also well represented in the Trend Micro Workload Security customer base.

“It’s safe to say that Linux will stay here, and as companies continue to move to Linux-based cloud workloads, malicious actors will follow suit,” said Aaron Ansari, vice president of cloud security, Trend Micro.

Threat numbers

And the numbers show that the malicious actors have arrived. Trend Micro found 14 million results in one search for exposed Internet-connected devices using Linux operating systems.

About 19 million machines were running servers with the exposed “Port 22”. Most of these machines are in the United States. Trend Micro asked companies to close these ports.

Source: Trend Micro 1H 2021 Linux Threat Report

Most of the threats identified occurred in disused systems. In particular, CentOS versions 7.4 to 7.9 accounted for 44% of the detections.

Trend Micro also broken down the most common malware families affecting Linux servers in the first half of 2021. Coinminers took the main prize and took advantage of the trends in cryptocurrency mining. In second place came web shells, one of which was the latest Microsoft Exchange attack. Ransomware and Trojans ranked third and fourth.

Trend Micro types

Source: Trend Micro 1H 2021 Linux Threat Report

Trend Micro published the results of its ransomware study in July.

About Willie Ash

Check Also

Lumen Black Lotus Labs notes that Linux executables have been deployed as stealth Windows loaders

DENVER, September 16, 2021 / PRNewswire / – Black Lotus Labs, the threat intelligence arm …

Leave a Reply

Your email address will not be published. Required fields are marked *