Attackers increasingly target Linux in the cloud
Linux has been the favored operating system of system administrators and hackers, but now the operating system has become a significant target of cybercriminals as well, with malware — such as Web shells and coin miners — running from Linux containers and about 200 different Linux vulnerabilities targeted in attacks.
That data, from security firm Trend Micro, underscores how containers have taken off and how some of the most popular container images carry a significant number of vulnerabilities. The official Python image, for example, has 482 vulnerabilities — 32 of them critical — while the official WordPress image has 402 vulnerabilities, 26 of them critical.
Companies need to ask themselves how they intend to secure their container infrastructure, says Aaron Ansari, vice president of cloud security at Trend Micro.
“If there are vulnerabilities, how are you going to patch them?” he says, adding that companies that do not have a quick time-to-patch need to take alternative steps. “That is when you need to have something to defend your systems — especially your critical ones. If it is a critical system, you need to find some way to secure it.”
Driven by the widespread adoption of cloud, containerization, and infrastructure as code, Linux adoption has taken off. More than 77% of all websites run Unix, with the majority — and likely the vast majority — running Linux, according to Web technology survey firm W3Techs. Among Trend Micro customers, companies deploying containers and virtual servers into cloud infrastructure, 61% use Linux and 39% use Windows, the company said. Almost three-quarters of Linux installations use Red Hat Enterprise Linux, AWS Linux, Ubuntu, or CentOS.
Little wonder, then, that 95% of all security events detected by intrusion prevention systems (IPSs) targeted those operating systems, with 43% of attacks and probes aimed at Amazon Linux, 29% at Red Hat Enterprise Linux, 15% at various flavors of Ubuntu, and 8% at CentOS, according to Trend Micro data. The data represents events logged by 100,000 unique Linux hosts.
To read the complete article, visit Dark Reading.